Package name: gif2png
Date: 2011-01-14
Advisory ID: MDVSA-2011:009
Affected versions: 2009.0 x86_64, 2010.0 x86_64, 2010.1 i586, 2010.0 i586, 2009.0 i586, 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in gif2png:

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier
might allow context-dependent attackers to execute arbitrary code
via a long command-line argument, as demonstrated by a CGI program
that launches gif2png (CVE-2009-5018).

Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow
context-dependent attackers to cause a denial of service (application
crash) or have unspecified other impact via a GIF file that contains
many images, leading to long extensions such as .p100 for PNG output
files, as demonstrated by a CGI program that launches gif2png,
a different vulnerability than CVE-2009-5018 (CVE-2010-4694).
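
Both descriptions involve a name whose length depends on input: the command-line argument in one case, the per-image extension (.p99 versus .p100) in the other. The C function below is an added example, not code from gif2png.c or from the Mandriva patch; it assumes the affected buffer holds the output file name, and the helper name, the ".pNN" naming scheme and the 16-byte buffer are hypothetical. It measures both parts and rejects a name that does not fit instead of copying it.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from gif2png.c.
 * Builds "<stem>.png" for image 0 and "<stem>.pNN" for later images
 * (assumed naming scheme). Returns 0 on success, -1 if the result would
 * not fit in out[outsz]; it never writes past outsz bytes. */
int build_output_name(const char *input, unsigned index, char *out, size_t outsz)
{
    char ext[16];            /* ".p" + at most 10 digits + NUL fits */
    size_t stem_len;
    int n;

    if (input == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';           /* leave a valid empty string on failure */

    /* The extension grows with the image count: ".p99" is 4 bytes,
     * ".p100" is 5, so its length is measured, not assumed. */
    if (index == 0)
        n = snprintf(ext, sizeof ext, ".png");
    else
        n = snprintf(ext, sizeof ext, ".p%02u", index);
    if (n < 0 || (size_t)n >= sizeof ext)
        return -1;

    /* Drop a trailing ".gif" from the caller-supplied name, if present. */
    stem_len = strlen(input);
    if (stem_len >= 4 && strcmp(input + stem_len - 4, ".gif") == 0)
        stem_len -= 4;

    /* Reject rather than truncate: stem + extension + NUL must fit. */
    if (stem_len > outsz - 1 || (size_t)n > outsz - 1 - stem_len)
        return -1;
    memcpy(out, input, stem_len);
    memcpy(out + stem_len, ext, (size_t)n + 1);   /* copies the NUL too */
    return 0;
}

int main(void)
{
    char name[16];           /* constructed: small so the limit is easy to hit */
    unsigned idx[] = { 0, 99, 100 };
    for (size_t i = 0; i < 3; i++) {
        int rc = build_output_name("elevenchars.gif", idx[i], name, sizeof name);
        printf("image %u -> %s\n", idx[i], rc == 0 ? name : "(rejected)");
    }
    return 0;
}
```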

Packages for 2009.0 are provided under the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 001e10adb1f8d4e979161b5598ce757b  2009.0/x86_64/gif2png-2.5.1-4.1mdv2009.0.x86_64.rpm 
 5cfa8cf8ed1cee759d0483bd27d78a10  2009.0/SRPMS/gif2png-2.5.1-4.1mdv2009.0.src.rpm

2010.0 x86_64

 c25ad03c6914525e69544d064929c253  2010.0/x86_64/gif2png-2.5.1-6.1mdv2010.0.x86_64.rpm 
 2eb73d21b89309cf6a417d131c217a9e  2010.0/SRPMS/gif2png-2.5.1-6.1mdv2010.0.src.rpm

2010.1 i586

 351ca35a5a9869a1ea078fa61ae1bba4  2010.1/i586/gif2png-2.5.2-2.1mdv2010.2.i586.rpm 
 1288d1f24726c3cc4782ef30f120748d  2010.1/SRPMS/gif2png-2.5.2-2.1mdv2010.2.src.rpm

2010.0 i586

 0a4de7448cecc56c05e6cf6a08e85395  2010.0/i586/gif2png-2.5.1-6.1mdv2010.0.i586.rpm 
 2eb73d21b89309cf6a417d131c217a9e  2010.0/SRPMS/gif2png-2.5.1-6.1mdv2010.0.src.rpm

2009.0 i586

 ad8928a60b604f88f26c2afc05af1b60  2009.0/i586/gif2png-2.5.1-4.1mdv2009.0.i586.rpm 
 5cfa8cf8ed1cee759d0483bd27d78a10  2009.0/SRPMS/gif2png-2.5.1-4.1mdv2009.0.src.rpm

2010.1 x86_64

 5486b74d0f270b32f042a056235d068e  2010.1/x86_64/gif2png-2.5.2-2.1mdv2010.2.x86_64.rpm 
 1288d1f24726c3cc4782ef30f120748d  2010.1/SRPMS/gif2png-2.5.2-2.1mdv2010.2.src.rpm
