CVE-2022-1507

NameCVE-2022-1507
Descriptionchafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chafa (PTS)buster1.0.1-2vulnerable
bullseye1.6.0-1vulnerable
bookworm, sid1.12.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chafasource(unstable)1.10.2-1unimportant

Notes

https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/
https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9 (1.10.2)
Crash in CLI tool, no security impact
Search for package or bug name: Reporting problems