gif2png: Multiple vulnerabilities

2012-03-16T00:00:00
ID GLSA-201203-15
Type gentoo
Reporter Gentoo Foundation
Modified 2012-03-16T00:00:00

Description

Background

gif2png converts images from GIF format to PNG format.

Description

Two vulnerabilities have been found in gif2png:

  • A boundary error in gif2png.c could cause a buffer overflow (CVE-2010-4694).
  • The patch for CVE-2009-5018 causes gif2png to truncate GIF pathnames (CVE-2010-4695).

Impact

A remote attacker could entice a user to open a specially crafted GIF file, possibly resulting in execution of arbitrary code, a Denial of Service condition, or the creation of PNG files in unintended directories.
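The second item and the "unintended directories" impact describe a general failure mode: an overflow fix that silently truncates a pathname stays memory-safe but can point the output at a different location. The sketch below is an added illustration, not gif2png's code; the function names, the 32-byte `OUT_MAX` buffer and the ".gif" to ".png" naming rule are assumptions chosen for the demo.

```c
#include <stdio.h>
#include <string.h>

#define OUT_MAX 32   /* assumed, deliberately small buffer for the demo */

/* Length of the name without a trailing ".gif", if present. */
static size_t stem_len(const char *gif)
{
    size_t n = strlen(gif);
    return (n > 4 && strcmp(gif + n - 4, ".gif") == 0) ? n - 4 : n;
}

/* Truncating variant: memory-safe, but an over-long input is silently cut,
 * so the result can name a file in a different directory. */
int png_name_truncating(const char *gif, char *out, size_t outsz)
{
    size_t n = stem_len(gif);
    if (outsz < 5) return -1;
    if (n > outsz - 5)
        n = outsz - 5;                 /* silent truncation */
    memcpy(out, gif, n);
    memcpy(out + n, ".png", 5);        /* copies the terminating NUL too */
    return 0;
}

/* Strict variant: refuse any name that does not fit and write nothing. */
int png_name_strict(const char *gif, char *out, size_t outsz)
{
    size_t n = stem_len(gif);
    if (outsz < 5 || n > outsz - 5)
        return -1;                     /* caller reports the error and skips the file */
    memcpy(out, gif, n);
    memcpy(out + n, ".png", 5);
    return 0;
}

int main(void)
{
    /* Constructed sample path, longer than OUT_MAX allows. */
    const char *gif = "/home/user/pictures/holiday/photo.gif";
    char out[OUT_MAX];

    if (png_name_truncating(gif, out, sizeof out) == 0)
        printf("truncating: %s\n", out);
    if (png_name_strict(gif, out, sizeof out) != 0)
        printf("strict: rejected, name too long\n");
    return 0;
}
```

With the constructed path, the truncating variant produces a PNG name one directory above the source file, while the strict variant rejects the input.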

Workaround

There is no known workaround at this time.

Resolution

All gif2png users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.8"