Joined: 12 May 2004
|Posted: Fri Mar 16, 2012 1:26 pm Post subject: [ GLSA 201203-15 ] gif2png: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: gif2png: Multiple vulnerabilities (GLSA 201203-15)
Date: March 16, 2012
Multiple vulnerabilities have been found in gif2png, the worst of
which might allow execution of arbitrary code.
gif2png converts images from GIF format to PNG format.
Vulnerable: < 2.5.8
Unaffected: >= 2.5.8
Architectures: All supported architectures
Two vulnerabilities have been found in gif2png:
- A boundary error in gif2png.c could cause a buffer overflow
- The patch for CVE-2009-5018 causes gif2png to truncate GIF pathnames
A remote attacker could entice a user to open a specially crafted GIF
file, possibly resulting in execution of arbitrary code, a Denial of
Service condition, or the creation of PNG files in unintended
There is no known workaround at this time.
All gif2png users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.8"
Last edited by GLSA on Thu Jun 05, 2014 4:31 am; edited 2 times in total