{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/vex/2023/cve-2023-39742-els_os-almalinux9_2esu.json" } ], "title": "Security update on CVE-2023-39742", "tracking": { "current_release_date": "2026-01-19T22:18:25Z", "generator": { "date": "2026-01-19T22:18:25Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2023-39742-ELS_OS-ALMALINUX9.2ESU", "initial_release_date": "2023-08-25T14:15:00Z", "revision_history": [ { "date": "2023-08-25T14:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-10-08T17:53:32Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-10-30T10:47:37Z", "number": "3", "summary": "Update document" }, { "date": "2025-11-29T11:37:06Z", "number": "4", "summary": "Update document" }, { "date": "2025-12-23T19:08:30Z", "number": "5", "summary": "Update document" }, { "date": "2026-01-19T22:18:25Z", "number": "6", "summary": "Update document" } ], "status": "final", "version": "6" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "giflib-0:5.2.1-9.el9.tuxcare.els1.i686", "product": { "name": "giflib-0:5.2.1-9.el9.tuxcare.els1.i686", "product_id": "giflib-0:5.2.1-9.el9.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/giflib@5.2.1-9.el9.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686", "product": { "name": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686", "product_id": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/giflib-devel@5.2.1-9.el9.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64", "product": { "name": "giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64", "product_id": "giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/giflib@5.2.1-9.el9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64", "product": { "name": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64", "product_id": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/giflib-devel@5.2.1-9.el9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64", "product": { "name": "giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64", "product_id": "giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/giflib-utils@5.2.1-9.el9.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "giflib-0:5.2.1-9.el9.i686", "product": { "name": "giflib-0:5.2.1-9.el9.i686", "product_id": "giflib-0:5.2.1-9.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/almalinux/giflib@5.2.1-9.el9?arch=i686" } } }, { "category": "product_version", "name": "giflib-devel-0:5.2.1-9.el9.i686", "product": { "name": "giflib-devel-0:5.2.1-9.el9.i686", "product_id": "giflib-devel-0:5.2.1-9.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/almalinux/giflib-devel@5.2.1-9.el9?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "giflib-0:5.2.1-9.el9.x86_64", "product": { "name": "giflib-0:5.2.1-9.el9.x86_64", "product_id": "giflib-0:5.2.1-9.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/almalinux/giflib@5.2.1-9.el9?arch=x86_64" } } }, { "category": "product_version", "name": "giflib-devel-0:5.2.1-9.el9.x86_64", "product": { "name": "giflib-devel-0:5.2.1-9.el9.x86_64", "product_id": "giflib-devel-0:5.2.1-9.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/almalinux/giflib-devel@5.2.1-9.el9?arch=x86_64" } } }, { "category": "product_version", "name": "giflib-utils-0:5.2.1-9.el9.x86_64", "product": { "name": "giflib-utils-0:5.2.1-9.el9.x86_64", "product_id": "giflib-utils-0:5.2.1-9.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/almalinux/giflib-utils@5.2.1-9.el9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "giflib-0:5.2.1-9.el9.tuxcare.els1.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.i686" }, "product_reference": "giflib-0:5.2.1-9.el9.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64" }, "product_reference": "giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686" }, "product_reference": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64" }, "product_reference": "giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64" }, "product_reference": "giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "giflib-0:5.2.1-9.el9.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.i686" }, "product_reference": "giflib-0:5.2.1-9.el9.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "giflib-0:5.2.1-9.el9.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.x86_64" }, "product_reference": "giflib-0:5.2.1-9.el9.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "giflib-devel-0:5.2.1-9.el9.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.i686" }, "product_reference": "giflib-devel-0:5.2.1-9.el9.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "giflib-devel-0:5.2.1-9.el9.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.x86_64" }, "product_reference": "giflib-devel-0:5.2.1-9.el9.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "giflib-utils-0:5.2.1-9.el9.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.x86_64" }, "product_reference": "giflib-utils-0:5.2.1-9.el9.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39742", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.i686", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.i686", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.x86_64", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.i686", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.x86_64", "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-39742" }, { "category": "external", "summary": "https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084", "url": "https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4RLSFGPBPR3FMIUJCWPGVIYIU35YGQX/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4RLSFGPBPR3FMIUJCWPGVIYIU35YGQX/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPNBOB65TEA4ZEPLVENI26BY4LEX7TEF/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPNBOB65TEA4ZEPLVENI26BY4LEX7TEF/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5WO6WL2TCGO6T4VKGACDIVSZI74WJAU/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5WO6WL2TCGO6T4VKGACDIVSZI74WJAU/" }, { "category": "external", "summary": "https://sourceforge.net/p/giflib/bugs/166/", "url": "https://sourceforge.net/p/giflib/bugs/166/" } ], "release_date": "2023-08-25T14:15:00Z", "remediations": [ { "category": "no_fix_planned", "details": "Ignored due to low severity", "product_ids": [ "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.i686", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.i686", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.x86_64", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.i686", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.x86_64", "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.x86_64" ] }, { "category": "no_fix_planned", "details": "CVE-2023-39742 is a local-only segmentation fault in giflib’s getarg.c, the command-line parser used by the giflib utilities rather than the core library, so exploitation simply crashes the invoked utility. It has no confidentiality or integrity impact and offers no remote or network-exposed vector, limiting the effect to a DoS by a user who can already execute the tool. Because these utilities are not long‑running services and execute only on demand in standard VM/server deployments, the practical risk is low and this issue can be safely deprioritized.", "product_ids": [ "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.i686", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.i686", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.x86_64", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.i686", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.x86_64", "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.i686", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.i686", "AlmaLinux-9.2:giflib-0:5.2.1-9.el9.x86_64", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.i686", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.i686", "AlmaLinux-9.2:giflib-devel-0:5.2.1-9.el9.x86_64", "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:giflib-utils-0:5.2.1-9.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }