Bug 830138 (CVE-2021-45907, CVE-2021-45908, CVE-2021-45909, CVE-2021-45910, CVE-2021-45911) - media-gfx/gif2apng: multiple vulnerabilities
Summary: media-gfx/gif2apng: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2021-45907, CVE-2021-45908, CVE-2021-45909, CVE-2021-45910, CVE-2021-45911
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~2 [upstream?]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-28 06:41 UTC by John Helmert III
Modified: 2021-12-28 06:41 UTC

See Also:
Package list:
Runtime testing required: ---


Description: John Helmert III (archtester, Gentoo Infrastructure, gentoo-dev, Security), 2021-12-28 06:41:35 UTC
CVE-2021-45907 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002669):

An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.

CVE-2021-45908 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002669):

An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.

CVE-2021-45909 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002668):

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.

CVE-2021-45910 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002667):

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.

CVE-2021-45911 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002687):

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.