CVE-2010-4694

Description

Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

Affected products

• catb / gif2png2.5.3
• catb / gif2png0.99 – 0.99
• catb / gif2png1.0.0 – 1.0.0
• catb / gif2png1.1.0 – 1.1.0
• catb / gif2png1.1.1 – 1.1.1
• catb / gif2png1.2.0 – 1.2.0
• catb / gif2png1.2.1 – 1.2.1
• catb / gif2png1.2.2 – 1.2.2
• catb / gif2png2.0.0 – 2.0.0
• catb / gif2png2.0.1 – 2.0.1
• catb / gif2png2.0.2 – 2.0.2
• catb / gif2png2.0.3 – 2.0.3
• catb / gif2png2.1.1 – 2.1.1
• catb / gif2png2.1.2 – 2.1.2
• catb / gif2png2.1.3 – 2.1.3
• catb / gif2png2.2.0 – 2.2.0
• catb / gif2png2.2.1 – 2.2.1
• catb / gif2png2.2.2 – 2.2.2
• catb / gif2png2.2.3 – 2.2.3
• catb / gif2png2.2.4 – 2.2.4
• catb / gif2png2.2.5 – 2.2.5
• catb / gif2png2.3.0 – 2.3.0
• catb / gif2png2.3.1 – 2.3.1
• catb / gif2png2.3.2 – 2.3.2
• catb / gif2png2.3.3 – 2.3.3
• catb / gif2png2.4.0 – 2.4.0
• catb / gif2png2.4.1 – 2.4.1
• catb / gif2png2.4.2 – 2.4.2
• catb / gif2png2.4.3 – 2.4.3
• catb / gif2png2.4.4 – 2.4.4
• catb / gif2png2.4.5 – 2.4.5
• catb / gif2png2.4.6 – 2.4.6
• catb / gif2png2.4.7 – 2.4.7
• catb / gif2png2.5.0 – 2.5.0
• catb / gif2png2.5.1 – 2.5.1
• catb / gif2png2.5.2 – 2.5.2

References

• MISChttp://security.gentoo.org/glsa/glsa-201203-15.xml
• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=547515
• MAILING_LISThttp://openwall.com/lists/oss-security/2010/11/22/12
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0023
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:009
• MAILING_LISThttp://openwall.com/lists/oss-security/2010/11/22/3
• VENDOR_ADVISORYhttp://secunia.com/advisories/42796
• MISChttp://bugs.gentoo.org/show_bug.cgi?id=346501
• MISChttp://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/64754
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/3036
• MISChttp://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup
• MAILING_LISThttp://openwall.com/lists/oss-security/2010/11/21/1
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0107
• MISChttp://security.gentoo.org/glsa/glsa-201101-01.xml
• MISChttp://www.securityfocus.com/bid/45815
• MAILING_LISThttp://openwall.com/lists/oss-security/2010/11/22/1
• VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
• MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html