Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-4694

Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

Published

2011-01-14T18:00:01.497

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	catb	gif2png	≤ 2.5.3	Yes
Application	catb	gif2png	0.99	Yes
Application	catb	gif2png	1.0.0	Yes
Application	catb	gif2png	1.1.0	Yes
Application	catb	gif2png	1.1.1	Yes
Application	catb	gif2png	1.2.0	Yes
Application	catb	gif2png	1.2.1	Yes
Application	catb	gif2png	1.2.2	Yes
Application	catb	gif2png	2.0.0	Yes
Application	catb	gif2png	2.0.1	Yes
Application	catb	gif2png	2.0.2	Yes
Application	catb	gif2png	2.0.3	Yes
Application	catb	gif2png	2.1.1	Yes
Application	catb	gif2png	2.1.2	Yes
Application	catb	gif2png	2.1.3	Yes
Application	catb	gif2png	2.2.0	Yes
Application	catb	gif2png	2.2.1	Yes
Application	catb	gif2png	2.2.2	Yes
Application	catb	gif2png	2.2.3	Yes
Application	catb	gif2png	2.2.4	Yes
Application	catb	gif2png	2.2.5	Yes
Application	catb	gif2png	2.3.0	Yes
Application	catb	gif2png	2.3.1	Yes
Application	catb	gif2png	2.3.2	Yes
Application	catb	gif2png	2.3.3	Yes
Application	catb	gif2png	2.4.0	Yes
Application	catb	gif2png	2.4.1	Yes
Application	catb	gif2png	2.4.2	Yes
Application	catb	gif2png	2.4.3	Yes
Application	catb	gif2png	2.4.4	Yes
Application	catb	gif2png	2.4.5	Yes
Application	catb	gif2png	2.4.6	Yes
Application	catb	gif2png	2.4.7	Yes
Application	catb	gif2png	2.5.0	Yes
Application	catb	gif2png	2.5.1	Yes
Application	catb	gif2png	2.5.2	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 Patch ([email protected])
http://bugs.gentoo.org/show_bug.cgi?id=346501 Patch ([email protected])
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup Patch ([email protected])
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log Patch ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html Patch ([email protected])
http://openwall.com/lists/oss-security/2010/11/21/1 Exploit, Patch ([email protected])
http://openwall.com/lists/oss-security/2010/11/22/1 Exploit, Patch ([email protected])
http://openwall.com/lists/oss-security/2010/11/22/12 ([email protected])
http://openwall.com/lists/oss-security/2010/11/22/3 ([email protected])
http://secunia.com/advisories/42796 Vendor Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-201101-01.xml ([email protected])
http://security.gentoo.org/glsa/glsa-201203-15.xml ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009 ([email protected])
http://www.securityfocus.com/bid/45815 ([email protected])
http://www.vupen.com/english/advisories/2010/3036 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0023 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0107 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=547515 Exploit, Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/64754 ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.gentoo.org/show_bug.cgi?id=346501 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup Patch (af854a3a-2127-422b-91ae-364da2661108)
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/21/1 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/22/1 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/22/12 (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/22/3 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42796 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201101-01.xml (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201203-15.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/45815 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3036 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0023 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0107 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=547515 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64754 (af854a3a-2127-422b-91ae-364da2661108)