CVE-2021-45910Out-of-bounds Write in Gif2apng

CWE-787Out-of-bounds Write6 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 45.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Gif2apng Project Gif2apngDebian Gif2apngDebian Linux
Timeline
PublishedDec 28
Latest updateMar 23

Description

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/gif2apng< gif2apng 1.9+srconly-3+deb11u1 (bullseye)
Debiangif2apng_project/gif2apng< 1.9+srconly-3+deb11u1
Ubuntugif2apng_project/gif2apng< 1.9+srconly-2ubuntu0.1+2

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
OSV
gif2apng vulnerabilities2023-03-23
GHSA
GHSA-jfjg-288w-6ffp: An issue was discovered in gif2apng 12021-12-29
OSV
CVE-2021-45910: An issue was discovered in gif2apng 12021-12-28

📋Vendor Advisories

2
Ubuntu
gif2apng vulnerabilities2023-03-23
Debian
CVE-2021-45910: gif2apng - An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow w...2021