CVE-2021-45907 — Out-of-bounds Write in Project Gif2apng

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 58.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gif2apng Project Gif2apng Debian Gif2apng

Timeline

PublishedDec 28

Latest updateDec 29

Description

An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/gif2apng

▶NVDgif2apng_project/gif2apng1.9

🔴Vulnerability Details

GHSA

GHSA-qq53-cmvg-m7m7: An issue was discovered in gif2apng 1↗2021-12-29

▶

OSV

CVE-2021-45907: An issue was discovered in gif2apng 1↗2021-12-28

▶

📋Vendor Advisories

Debian

CVE-2021-45907: gif2apng - An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow ...↗2021

▶