Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-5018

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.

Published

2011-01-14T17:00:02.497

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	catb	gif2png	≤ 2.5.3	Yes
Application	catb	gif2png	0.99	Yes
Application	catb	gif2png	1.0.0	Yes
Application	catb	gif2png	1.1.0	Yes
Application	catb	gif2png	1.1.1	Yes
Application	catb	gif2png	1.2.0	Yes
Application	catb	gif2png	1.2.1	Yes
Application	catb	gif2png	1.2.2	Yes
Application	catb	gif2png	2.0.0	Yes
Application	catb	gif2png	2.0.1	Yes
Application	catb	gif2png	2.0.2	Yes
Application	catb	gif2png	2.0.3	Yes
Application	catb	gif2png	2.1.1	Yes
Application	catb	gif2png	2.1.2	Yes
Application	catb	gif2png	2.1.3	Yes
Application	catb	gif2png	2.2.0	Yes
Application	catb	gif2png	2.2.1	Yes
Application	catb	gif2png	2.2.2	Yes
Application	catb	gif2png	2.2.3	Yes
Application	catb	gif2png	2.2.4	Yes
Application	catb	gif2png	2.2.5	Yes
Application	catb	gif2png	2.3.0	Yes
Application	catb	gif2png	2.3.1	Yes
Application	catb	gif2png	2.3.2	Yes
Application	catb	gif2png	2.3.3	Yes
Application	catb	gif2png	2.4.0	Yes
Application	catb	gif2png	2.4.1	Yes
Application	catb	gif2png	2.4.2	Yes
Application	catb	gif2png	2.4.3	Yes
Application	catb	gif2png	2.4.4	Yes
Application	catb	gif2png	2.4.5	Yes
Application	catb	gif2png	2.4.6	Yes
Application	catb	gif2png	2.4.7	Yes
Application	catb	gif2png	2.5.0	Yes
Application	catb	gif2png	2.5.1	Yes
Application	catb	gif2png	2.5.2	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 Patch ([email protected])
http://bugs.gentoo.org/show_bug.cgi?id=346501 ([email protected])
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log Patch ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html Patch ([email protected])
http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html Patch ([email protected])
http://openwall.com/lists/oss-security/2010/11/21/1 Patch ([email protected])
http://openwall.com/lists/oss-security/2010/11/22/1 Patch ([email protected])
http://openwall.com/lists/oss-security/2010/11/22/12 ([email protected])
http://openwall.com/lists/oss-security/2010/11/22/3 ([email protected])
http://secunia.com/advisories/42796 Vendor Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-201101-01.xml ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009 ([email protected])
http://www.securityfocus.com/bid/41801 ([email protected])
http://www.vupen.com/english/advisories/2010/3036 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0023 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0107 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=547515 Exploit, Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/64820 ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.gentoo.org/show_bug.cgi?id=346501 (af854a3a-2127-422b-91ae-364da2661108)
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/21/1 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/22/1 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/22/12 (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/22/3 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42796 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201101-01.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/41801 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3036 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0023 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0107 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=547515 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64820 (af854a3a-2127-422b-91ae-364da2661108)