From the Secunia advisory at http://secunia.com/advisories/42339/:
Fedora has issued an update for gif2png. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise
a vulnerable system.
The vulnerability is caused due to a boundary error when processing
overly long command line arguments. This can be exploited to e.g.
cause a stack-based buffer overflow by passing specially crafted
filenames to the application.
There is a patch at http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup.
If I read the patch correctly, upstream's 2.5.3 is still vulnerable.
Rating B2 since there appear to be many web applications using this app; and [ebuild] since we have a patch for 2.5.3.
*gif2png-2.5.1-r1 (03 Dec 2010)
03 Dec 2010; Markus Meier <firstname.lastname@example.org> +gif2png-2.5.1-r1.ebuild,
fix overflow bug #346501
Arches, please test and mark stable:
Target keywords : "amd64 ppc ppc64 sparc x86"
Archtested on x86: Everything fine
x86 stable, thanks David
amd64 done. Thanks Agostino
Stable for PPC.
GLSA Request filed.
Thanks, folks. This is GLSA 201101-01.
*** Bug 374641 has been marked as a duplicate of this bug. ***