Hello @hartwork. I can confirm that with the POC for CVE-2022-28506 I have the issue in the same spot from DumpScreen2RGB as in CVE-2023-48161.
    gif2rgb -o out giflib_poc_CVE-2022-28506
    =================================================================
    ==402==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000001e0 at pc 0x55c692693314 bp 0x7ffdc4eb6300 sp 0x7ffdc4eb62f0
    READ of size 1 at 0x6020000001e0 thread T0
        #0 0x55c692693313 in DumpScreen2RGB ../../giflib-5.1.4/util/gif2rgb.c:323...
@hartwork @esr I've found another duplicate of this bug. It is CVE-2024-45993: https://gitlab.com/mthandazo/project-pov
I've tested without the patch with the sample from the link above and the error is the same. With the patch the issue is not reproducible anymore.
    gif2rgb -o out poc_CVE-2024-45993
    gif2rgb: Image is defective, decoding aborted
Bogdan
Hello! Yes, I can confirm that those 2 CVEs are the same. CVE-2025-31344 seems to be a duplicate of CVE-2023-48161.
Hello @esr @hartwork
Yes, I've double-checked the issue and indeed my initial patch solves some memory leaks. I've attached a new patch that should solve the issue. It's actually a similar patch as CVE-2022-28506. After applying the patch I do not have the issue anymore:
    gif2rgb -o out POC_crash_CVE-2023-48161
    gif2rgb: Image is defective, decoding aborted
Can you provide me feedback?
Bogdan.
This patch is created based on the latest version ...
Hello Eric! Unfortunately, I still have this error even after I've applied this patch and some others. The fix for me was to free "Buffers". Please find attached the patch.