CVE-2017-6961

MEDIUM

apng2gif 1.7 - Memory Corruption

Title source: llm

Description

An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amount of memory to allocate.

References (1)

[Issue Tracking, Third Party Advisory] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854441

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 33.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-20

Status published

Affected Products (2)

apng2gif_project/apng2gif

n/a/n/a

Timeline

Published Mar 17, 2017

Tracked Since Feb 18, 2026