Fix CVE-2023-39742

CVE-2023-39742.patch

@@ -0,0 +1,24 @@
+Description: Fix segmentation faults due to non correct checking for args
+Author: David Suárez <david.sephirot@gmail.com>
+Origin: vendor
+Bug: https://sourceforge.net/p/giflib/bugs/153/
+Bug-Debian: https://bugs.debian.org/715963
+Bug-Debian: https://bugs.debian.org/715964
+Bug-Debian: https://bugs.debian.org/715967
+Last-Update: 2020-12-20
+
+--- a/getarg.c
++++ b/getarg.c
+@@ -305,6 +305,12 @@
+     int i = 0, ScanRes;
+ 
+     while (!(ISSPACE(CtrlStrCopy[i]))) {
++
++        if ((*argv) == argv_end) {
++            GAErrorToken = Option;
++            return CMD_ERR_NumRead;
++        }
++
+         switch (CtrlStrCopy[i + 1]) {
+           case 'd':    /* Get signed integers. */
+               ScanRes = sscanf(*((*argv)++), "%d",

giflib.spec

@@ -1,6 +1,6 @@
 Name:          giflib
 Version:       5.2.1
-Release:       3
+Release:       4
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
@@ -10,6 +10,7 @@ Patch6001:     giflib_quantize.patch
 Patch6002:     giflib_coverity.patch
 Patch6003:     giflib_html-docs-consistent-ids.patch
 Patch6004:     CVE-2022-28506.patch
+Patch6005:     CVE-2023-39742.patch
 
 BuildRequires: make xmlto gcc
 provides:      giflib-utils = %{name}-%{version}
@@ -67,6 +68,9 @@ rm -f %{buildroot}%{_libdir}/libgif.a
 %{_bindir}/gif*
 
 %changelog
+* Fri Sep 15 2023 Funda Wang <fundawang@yeah.net> - 5.2.1-4
+- Fix CVE-2023-39742
+
 * Thu Jun 16 2022 duyiwei <duyiwei@kylinos.cn> - 5.2.1-3
 - fix CVE-2022-28506