paul

Advisories MDVSA-2011:009: gif2png


A vulnerability has been found and corrected in gif2png:

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png (CVE-2009-5018).

Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018 (CVE-2010-4694).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
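
Both flaws in the advisory come down to building an output file name in a fixed-size buffer without checking the real length of the input path or of the extension. The C sketch below is an added example, not gif2png's code or the Mandriva patch; the function name `make_output_name` and the `.png` / `.pNN` naming scheme are assumptions inferred from the advisory's mention of `.p100`.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not gif2png source. Assumed naming scheme: image 0 ->
 * ".png", later images -> ".pNN", which grows to ".p100" at index 100.
 * Returns 0 on success, -1 if the name does not fit (nothing is truncated). */
int make_output_name(char *out, size_t outsz, const char *input, unsigned index)
{
    char ext[16];                 /* ".p" + up to 10 digits + NUL */
    const char *slash, *dot;
    size_t stem;
    int n;

    if (out == NULL || outsz == 0 || input == NULL)
        return -1;
    out[0] = '\0';

    /* Strip a suffix only if it belongs to the last path component. */
    slash = strrchr(input, '/');
    dot = strrchr(input, '.');
    stem = (dot != NULL && (slash == NULL || dot > slash))
               ? (size_t)(dot - input) : strlen(input);

    n = (index == 0) ? snprintf(ext, sizeof ext, ".png")
                     : snprintf(ext, sizeof ext, ".p%02u", index);
    if (n < 0 || (size_t)n >= sizeof ext)
        return -1;

    /* Check against the real extension length, not an assumed 4 bytes. */
    if (stem >= outsz || (size_t)n >= outsz - stem)
        return -1;

    memcpy(out, input, stem);
    memcpy(out + stem, ext, (size_t)n + 1);   /* includes the NUL */
    return 0;
}

int main(void)
{
    char name[10];                /* constructed, deliberately small buffer */
    unsigned idx[] = { 0, 99, 100 };
    for (size_t i = 0; i < sizeof idx / sizeof idx[0]; i++) {
        int rc = make_output_name(name, sizeof name, "photo.gif", idx[i]);
        printf("index %u -> %s\n", idx[i], rc == 0 ? name : "(rejected)");
    }
    return 0;
}
```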
