6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.4%
gif2png is a command line program that converts image files from the Graphics Interchange Format (GIF) format to the Portable Network Graphics (PNG) format.
gif2png contains a command line parsing vulnerability that may result in a stack overflow due to an unexpectedly long input filename.
A remote attacker could entice a user to open a specially crafted image, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Note that applications relying on gif2png to process images can also trigger the vulnerability.
There is no known workaround at this time.
All gif2png users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.1-r1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | media-gfx/gif2png | < 2.5.1-r1 | UNKNOWN |