CVE-2021-45907 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002669): An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. CVE-2021-45908 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002669): An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. CVE-2021-45909 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002668): An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. CVE-2021-45910 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002667): An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. CVE-2021-45911 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002687): An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da55a3f4fd94d954b5f044f6b9dc886c38fb1238 commit da55a3f4fd94d954b5f044f6b9dc886c38fb1238 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-08-16 20:48:14 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-16 20:52:09 +0000 profiles: last rite gif2apng Bug: https://bugs.gentoo.org/830138 Signed-off-by: John Helmert III <ajak@gentoo.org> profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4d2c0e07411617118ee243e79284dac8ceba2a8 commit c4d2c0e07411617118ee243e79284dac8ceba2a8 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-09-18 21:11:09 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-18 21:12:53 +0000 media-gfx/gif2apng: treeclean Bug: https://bugs.gentoo.org/830138 Signed-off-by: John Helmert III <ajak@gentoo.org> media-gfx/gif2apng/Manifest | 1 - .../gif2apng/files/gif2apng-1.9-makefile.patch | 18 ---------- media-gfx/gif2apng/gif2apng-1.9-r1.ebuild | 38 ---------------------- media-gfx/gif2apng/metadata.xml | 8 ----- profiles/package.mask | 9 ++--- 5 files changed, 2 insertions(+), 72 deletions(-)
