This heap overflow vulnerability can be exploited by sending a large number of malicious requests to libagifencoder.quram.so. An attacker can host a malicious web server on an insecure port to induce a victim to visit a specific URL. An attacker can also send specially crafted URLs to libagifencoder.quram.so via email or other vectors.
CVE-2023 – Heap-based buffer overflow in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. This vulnerability can be exploited by sending a large number of malicious requests to libagifencoder.quram.so.
Heap-based buffer overflow in gif_image.c in libgif- adept prior to SMR Oct-2022 Release 1 allows at least one of the following:
- Sending a large number of malicious requests to libagifencoder.quram.so that consume up to 4096 bytes of memory
- Sending specially crafted URLs via email or other vectors
- Performing a denial of service attack
Mitigation tips by libquram.so version
It is recommend to upgrade to the latest version of libquram.so that includes patch for CVE-2022-39852 and CVE-2023. If a patch has not been released, the best way to mitigate this vulnerability is by restricting access from untrusted networks.
Timeline
Published on: 10/07/2022 15:15:00 UTC
Last modified on: 10/11/2022 14:31:00 UTC