dloebl CGIF Integer Overflow Vulnerability in GIF Image Handler

Vulnerability

A vulnerability allowing for integer overflow has been identified in the dloebl CGIF library, specifically in versions 0.4.0 through 0.5.2. The issue arises in the GIF Image Handler component, within the 'cgif_addframe' function of 'src/cgif.c'. The vulnerability is triggered by manipulating the width and height arguments, leading to an integer overflow. This flaw can be exploited remotely, causing frames in a GIF animation to be incorrectly processed, potentially resulting in missing frames or data corruption.

Impact

Exploitation of this vulnerability disrupts the GIF encoding process by causing the frame comparison logic to fail. This leads to frames being incorrectly judged as identical and discarded, causing loss of animation data or corruption in the final GIF output.

Reproduction

To reproduce this vulnerability, create a GIF using the cgif library whose width multiplied by height exceeds 2.15 billion pixels, such as 50000 by 50000. Ensure that the GIF has a frame with special flags set, like transparency or a local color palette, which will trigger the vulnerable pixel comparison loop. The integer overflow shows up as the comparison loop being skipped, which allows frames with different content to be incorrectly merged.
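
The arithmetic behind the skipped loop, as an added example (not cgif's own code): the function names and the 16-bit width/height types are assumptions, and the flawed counter is modelled as a signed 32-bit integer next to a widened, hardened form.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Flawed pattern (assumed, not copied from cgif): the pixel count lives in a
   signed 32-bit integer. The wrap is reproduced with unsigned arithmetic so
   this demo itself has no undefined behaviour. */
static int32_t count_i32(uint16_t w, uint16_t h) {
    uint32_t u = (uint32_t)w * (uint32_t)h;
    return u > INT32_MAX ? (int32_t)(u - 0x80000000u) + INT32_MIN : (int32_t)u;
}

/* Hardened: widen before multiplying; 65535 * 65535 fits in 32 unsigned bits. */
static size_t count_size(uint16_t w, uint16_t h) {
    return (size_t)w * (size_t)h;
}

/* Returns 1 if the frames match. A count <= 0 skips the loop entirely. */
static int same_frame_i32(const uint8_t *a, const uint8_t *b, uint16_t w, uint16_t h) {
    int32_t n = count_i32(w, h);
    for (int32_t i = 0; i < n; i++)
        if (a[i] != b[i]) return 0;
    return 1;
}

static int same_frame_size(const uint8_t *a, const uint8_t *b, uint16_t w, uint16_t h) {
    size_t n = count_size(w, h);
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return 0;
    return 1;
}

int main(void) {
    /* Constructed input: only pixel 0 is backed by memory. The frames differ
       there, so the hardened loop returns before reading any further. */
    uint8_t prev[1] = {0}, cur[1] = {1};
    printf("int32 count : %ld\n", (long)count_i32(50000, 50000));
    printf("size_t count: %zu\n", count_size(50000, 50000));
    printf("flawed says identical  : %d\n", same_frame_i32(prev, cur, 50000, 50000));
    printf("hardened says identical: %d\n", same_frame_size(prev, cur, 50000, 50000));
    return 0;
}
```

With 50000 by 50000 the 32-bit count is negative, so the flawed comparison never inspects a pixel and reports two different frames as identical.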

Remediation

Users are advised to update to the latest version of the cgif library, where this vulnerability has been fixed.

Added: Mar 27, 2026, 10:20 PM
Updated: Mar 27, 2026, 10:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.3
remediation: 0.0
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.