Description
Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.
References (19)
Core 19
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201203-15.xml
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=547515
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/22/12
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0023
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/22/3
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42796
Patch x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=346501
Patch x_refsource_confirm
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64754
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3036
Patch x_refsource_confirm
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup
Exploit, Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/21/1
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0107
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201101-01.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45815
Exploit, Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/22/1
Patch x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
Patch vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html
Scores
EPSS
0.0201
EPSS Percentile
78.5%
Details
CWE
CWE-119
Status
published
Products (36)
catb/gif2png
0.99
catb/gif2png
1.0.0
catb/gif2png
1.1.0
catb/gif2png
1.1.1
catb/gif2png
1.2.0
catb/gif2png
1.2.1
catb/gif2png
1.2.2
catb/gif2png
2.0.0
catb/gif2png
2.0.1
catb/gif2png
2.0.2
... and 26 more
Published
Jan 14, 2011
Tracked Since
Feb 18, 2026