SUSE has issued an advisory on May 30: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XPBVCIDM6CP4OMGHYXCEAOVLORKQFQP4/ The problem is fixed in version 1.95.
Status comment: (none) => Fixed upstream in 1.95
Source RPM: (none) => gifsicle-1.93-2.mga9.src.rpm
CVE: (none) => CVE-2023-46009
Suggested advisory:
========================

The updated package fixes a security vulnerability:

gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. (CVE-2023-46009)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XPBVCIDM6CP4OMGHYXCEAOVLORKQFQP4/
========================

Updated package in core/updates_testing:
========================
gifsicle-1.95-1.mga9

from SRPM:
gifsicle-1.95-1.mga9.src.rpm
Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 1.95 => (none)
Status: NEW => ASSIGNED
Keywords: (none) => advisory
RH mageia 9 x86_64

Install current version

LC_ALL=C urpmi gifsicle
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/gifsicle-1.93-2.mga9.x86_64.rpm
installing gifsicle-1.93-2.mga9.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... ##################################################################################################
1/1: gifsicle ##################################################################################################

Try the POC, but note that this only produces the bad output if the application is built with ASAN, because I have this output even after the update

gifsicle --crop 0,0-256,256 --crop-transparency --flip-vertical -i -p 1,1 --rotate-90 --resize=256x256 -o c poc-gifsicle-1.94-1
gifsicle:poc-gifsicle-1.94-1:#1: read error: unknown block type 0 at file offset 81
gifsicle:poc-gifsicle-1.94-1:#0: read error: missing 4743168 pixels of image data
gifsicle:poc-gifsicle-1.94-1:#1: read error: image corrupted, min_code_size too small

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing gifsicle-1.95-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: gifsicle ##################################################################################################
1/1: removing gifsicle-1.93-2.mga9.x86_64 ##################################################################################################

Reference bug#29458 comment#3

gifsicle --flip-h < original.gif > flip.gif

flip.gif contains the flipped version of original.gif

gifdiff original.gif flip.gif
frame #0 pixels differ: 0,0 <#656565 >#717171

I do not have an animated gif to play

Looks good to me
CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0202.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED