gif2png: Multiple vulnerabilities
Gentoo Linux Security Advisory
GLSA 201203-15 / gif2png
March 16, 2012
March 16, 2012: 1
All supported architectures
Multiple vulnerabilities have been found in gif2png, the worst of
which might allow execution of arbitrary code.
gif2png converts images from GIF format to PNG format.
Two vulnerabilities have been found in gif2png:
- A boundary error in gif2png.c could cause a buffer overflow.
- The patch for CVE-2009-5018 causes gif2png to truncate GIF pathnames.
A remote attacker could entice a user to open a specially crafted GIF
file, possibly resulting in execution of arbitrary code, a Denial of
Service condition, or the creation of PNG files in unintended
There is no known workaround at this time.
All gif2png users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/gif2png-2.5.8"