CVE-2021-45909 — Out-of-bounds Write in Gif2apng

CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 45.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gif2apng Project Gif2apng Debian Gif2apng Debian Linux

Timeline

PublishedDec 28

Latest updateMar 23

Description

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/gif2apng< gif2apng 1.9+srconly-3+deb11u1 (bullseye)

▶Debiangif2apng_project/gif2apng< 1.9+srconly-3+deb11u1

▶Ubuntugif2apng_project/gif2apng< 1.9+srconly-2ubuntu0.1+2

▶NVDgif2apng_project/gif2apng1.9

Also affects: Debian Linux 9.0

🔴Vulnerability Details

OSV

gif2apng vulnerabilities↗2023-03-23

▶

GHSA

GHSA-c9fh-qp5h-24w7: An issue was discovered in gif2apng 1↗2021-12-29

▶

OSV

CVE-2021-45909: An issue was discovered in gif2apng 1↗2021-12-28

▶

📋Vendor Advisories

Ubuntu

gif2apng vulnerabilities↗2023-03-23

▶

Debian

CVE-2021-45909: gif2apng - An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow v...↗2021

▶