Posted: Fri Mar 16, 2012 1:26 pm Post subject: [ GLSA 201203-15 ] gif2png: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: gif2png: Multiple vulnerabilities (GLSA 201203-15)
Severity: normal
Exploitable: remote
Date: March 16, 2012
Bug(s): #351698
ID: 201203-15
Synopsis
Multiple vulnerabilities have been found in gif2png, the worst of
which might allow execution of arbitrary code.
Background
gif2png converts images from GIF format to PNG format.
Affected Packages
Package: media-gfx/gif2png
Vulnerable: < 2.5.8
Unaffected: >= 2.5.8
Architectures: All supported architectures
Description
Two vulnerabilities have been found in gif2png:
- A boundary error in gif2png.c could cause a buffer overflow
  (CVE-2010-4694).
- The patch for CVE-2009-5018 causes gif2png to truncate GIF pathnames
  (CVE-2010-4695).
Impact
A remote attacker could entice a user to open a specially crafted GIF
file, possibly resulting in execution of arbitrary code, a Denial of
Service condition, or the creation of PNG files in unintended
directories.
Workaround
There is no known workaround at this time.
Resolution
All gif2png users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.8"
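A check to run before and after the upgrade, added here as an example and not part of the advisory: it reads the installed gif2png version from the Portage package database and compares it with the 2.5.8 threshold listed under Affected Packages. The function names are illustrative; /var/db/pkg as the database location and `sort -V` ordering for plain dotted versions are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether the installed
# media-gfx/gif2png is in the vulnerable range (< 2.5.8).

FIXED_VERSION="2.5.8"   # first unaffected version per GLSA 201203-15

# Print the installed version found under a package database root
# (assumed default: /var/db/pkg), with any -rN revision suffix removed.
# Returns 1 when no gif2png entry exists.
installed_gif2png_version() {
    vdb="${1:-/var/db/pkg}"
    for dir in "$vdb"/media-gfx/gif2png-[0-9]*; do
        [ -d "$dir" ] || continue          # unmatched glob stays literal
        ver="${dir##*/gif2png-}"
        printf '%s\n' "${ver%-r[0-9]*}"
        return 0
    done
    return 1
}

# Return 0 when VERSION sorts strictly below FIXED_VERSION.
# Assumption: plain dotted numeric versions, for which sort -V is adequate.
gif2png_is_vulnerable() {
    ver="${1%-r[0-9]*}"
    [ "$ver" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]
}

# Print "not-installed", "vulnerable <ver>" or "unaffected <ver>".
gif2png_status() {
    ver=$(installed_gif2png_version "$1") || { echo "not-installed"; return 0; }
    if gif2png_is_vulnerable "$ver"; then
        echo "vulnerable $ver"
    else
        echo "unaffected $ver"
    fi
}

gif2png_status
```

A "vulnerable" result after the upgrade means the old package is still installed and the emerge step did not complete.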
References
CVE-2010-4694
CVE-2010-4695
Last edited by GLSA on Thu Jun 05, 2014 4:31 am; edited 2 times in total