Posted by Hans Jerry Illikainen on Dec 16
Overview
========
Libnsgif[1] is a decoding library for GIF images. It is primarily
developed and used as part of the NetSurf project.
As of version 0.1.2, libnsgif is vulnerable to a stack overflow
(CVE-2015-7505) and an out-of-bounds read (CVE-2015-7506) due to the way
LZW-compressed GIF data is processed.
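An added example, not part of the advisory or of libnsgif: a pre-decode check in C that walks a GIF's blocks and rejects any image whose LZW minimum code size byte would start the decoder above the format's 12-bit code limit (the value GIF_MAX_LZW holds in the excerpt under Details). It illustrates validating LZW parameters before decoding and is not a description of the fix for either CVE; all names (gif_check_lzw, the CHK_ codes, sample_gif) are hypothetical and the sample bytes are constructed.

```c
#include <stdint.h>
#include <string.h>
#define LZW_MAX_BITS 12 /* same limit as GIF_MAX_LZW in the advisory */
enum chk { CHK_OK = 0, CHK_TRUNCATED = -1, CHK_BAD_FORMAT = -2, CHK_BAD_LZW = -3 };

/* Skip data sub-blocks up to the zero-length terminator; 0 means truncated. */
static size_t skip_sub_blocks(const uint8_t *d, size_t len, size_t pos)
{
    while (pos < len) {
        size_t n = d[pos++];
        if (n == 0) return pos;
        if (n > len - pos) return 0;
        pos += n;
    }
    return 0;
}

/* Byte size of the colour table announced by a packed-fields byte. */
static size_t table_bytes(uint8_t packed)
{
    return (packed & 0x80) ? (size_t)3 << ((packed & 7) + 1) : 0;
}

/* Walk the blocks without decoding; reject an image whose first LZW code
 * (minimum code size + 1 bits) would be wider than LZW_MAX_BITS. */
enum chk gif_check_lzw(const uint8_t *d, size_t len)
{
    if (len < 13) return CHK_TRUNCATED;
    if (memcmp(d, "GIF87a", 6) && memcmp(d, "GIF89a", 6)) return CHK_BAD_FORMAT;
    size_t pos = 13 + table_bytes(d[10]);       /* header + screen descriptor */
    while (pos < len) {
        uint8_t id = d[pos++];
        if (id == 0x3B) return CHK_OK;          /* trailer */
        if (id == 0x21) {                       /* extension: label + sub-blocks */
            if (pos >= len) return CHK_TRUNCATED;
            pos = skip_sub_blocks(d, len, pos + 1);
        } else if (id == 0x2C) {                /* image descriptor, 9 bytes */
            if (len - pos < 9) return CHK_TRUNCATED;
            pos += 9 + table_bytes(d[pos + 8]);
            if (pos >= len) return CHK_TRUNCATED;
            if (d[pos] + 1 > LZW_MAX_BITS) return CHK_BAD_LZW;
            pos = skip_sub_blocks(d, len, pos + 1);
        } else return CHK_BAD_FORMAT;
        if (pos == 0) return CHK_TRUNCATED;
    }
    return CHK_TRUNCATED;
}

/* Constructed 1x1 GIF, no colour tables; offset 23 is the LZW minimum code size. */
static const uint8_t sample_gif[] = { 'G','I','F','8','9','a', 1,0,1,0, 0,0,0,
    0x2C, 0,0,0,0, 1,0,1,0, 0, 2, 2,0x4C,0x01, 0, 0x3B };
```

The check only bounds the upper end; a stricter caller could also reject minimum code sizes below 2, which the GIF specification does not use.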
Details
=======
src/libnsgif.c #80..133:
,----
| /* Maximum LZW bits available
| */
| #define GIF_MAX_LZW 12
| […]
| static int…