DebianDEBIAN:DLA-2937-1:93B83[SECURITY] [DLA 2937-1] gif2apng security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
31.3%
Debian LTS Advisory DLA-2937-1 [email protected]
https://www.debian.org/lts/security/ Anton Gladky
March 07, 2022 https://wiki.debian.org/LTS
Package : gif2apng
Version : 1.9+srconly-2+deb9u2
CVE ID : CVE-2021-45909 CVE-2021-45910 CVE-2021-45911
Three issues have been discovered in gif2apng: tool for converting animated GIF images to APNG format.
CVE-2021-45909:
heap-based buffer overflow vulnerability in the DecodeLZW function.
It allows an attacker to write a large amount of arbitrary data outside the
boundaries of a buffer.
CVE-2021-45910:
heap-based buffer overflow within the main function. It allows an attacker
to write data outside of the allocated buffer.
CVE-2021-45911:
heap based buffer overflow in processing of delays in the main function.
For Debian 9 stretch, these problems have been fixed in version
1.9+srconly-2+deb9u2.
We recommend that you upgrade your gif2apng packages.
For the detailed security status of gif2apng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gif2apng
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | gif2apng | < 1.9+srconly-3+deb11u1 | gif2apng_1.9+srconly-3+deb11u1_all.deb |
| Debian | 9 | arm64 | gif2apng | < 1.9+srconly-2+deb9u2 | gif2apng_1.9+srconly-2+deb9u2_arm64.deb |
| Debian | 11 | i386 | gif2apng-dbgsym | < 1.9+srconly-3+deb11u1 | gif2apng-dbgsym_1.9+srconly-3+deb11u1_i386.deb |
| Debian | 10 | armel | gif2apng-dbgsym | < 1.9+srconly-2+deb10u1 | gif2apng-dbgsym_1.9+srconly-2+deb10u1_armel.deb |
| Debian | 10 | armhf | gif2apng | < 1.9+srconly-2+deb10u1 | gif2apng_1.9+srconly-2+deb10u1_armhf.deb |
| Debian | 11 | s390x | gif2apng-dbgsym | < 1.9+srconly-3+deb11u1 | gif2apng-dbgsym_1.9+srconly-3+deb11u1_s390x.deb |
| Debian | 9 | armel | gif2apng | < 1.9+srconly-2+deb9u2 | gif2apng_1.9+srconly-2+deb9u2_armel.deb |
| Debian | 11 | armhf | gif2apng-dbgsym | < 1.9+srconly-3+deb11u1 | gif2apng-dbgsym_1.9+srconly-3+deb11u1_armhf.deb |
| Debian | 10 | armhf | gif2apng-dbgsym | < 1.9+srconly-2+deb10u1 | gif2apng-dbgsym_1.9+srconly-2+deb10u1_armhf.deb |
| Debian | 10 | amd64 | gif2apng | < 1.9+srconly-2+deb10u1 | gif2apng_1.9+srconly-2+deb10u1_amd64.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
31.3%