gif2png: Multiple vulnerabilities

gif2png: Multiple vulnerabilities Multiple vulnerabilities have been found in gif2png, the worst of which might allow execution of arbitrary code. gif2png 2012-03-16 2012-03-16 351698 remote 2.5.8 2.5.8

gif2png converts images from GIF format to PNG format.

Two vulnerabilities have been found in gif2png:

A boundary error in gif2png.c could cause a buffer overflow (CVE-2010-4694).
The patch for CVE-2009-5018 causes gif2png to truncate GIF pathnames (CVE-2010-4695).

A remote attacker could entice a user to open a specially crafted GIF file, possibly resulting in execution of arbitrary code, a Denial of Service condition, or the creation of PNG files in unintended directories.

There is no known workaround at this time.

All gif2png users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.8"

CVE-2010-4694 CVE-2010-4695 ackle ackle