CVE-2015-7505: 
Linux Debian vulnerability analysis and mitigation

Stack-based buffer overflow vulnerability (CVE-2015-7505) affects the gif_next_LZW function in libnsgif.c in Libnsgif version 0.1.2. The vulnerability was disclosed in December 2015 and primarily impacts the NetSurf browser project which uses this library for GIF image decoding (Mailing List).

The vulnerability occurs in the gif_next_LZW function where it writes onto the stack as long as the 'code' value is at least 'clear_code'. The issue stems from insufficient bounds checking in the LZW decompression routine. The vulnerability has a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network vector, low attack complexity, no privileges required, and user interaction needed (NVD).

When successfully exploited, this vulnerability can lead to denial of service (application crash) or potentially allow arbitrary code execution when processing a specially crafted GIF file. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been fixed in the git HEAD repository of libnsgif. Users and organizations should upgrade to a version newer than 0.1.2 that includes the security fix (Mailing List).