CVE-2010-4694

EUVD-2010-4659
Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
catbgif2png
𝑥
≤ 2.5.3
catbgif2png
0.99
catbgif2png
1.0.0
catbgif2png
1.1.0
catbgif2png
1.1.1
catbgif2png
1.2.0
catbgif2png
1.2.1
catbgif2png
1.2.2
catbgif2png
2.0.0
catbgif2png
2.0.1
catbgif2png
2.0.2
catbgif2png
2.0.3
catbgif2png
2.1.1
catbgif2png
2.1.2
catbgif2png
2.1.3
catbgif2png
2.2.0
catbgif2png
2.2.1
catbgif2png
2.2.2
catbgif2png
2.2.3
catbgif2png
2.2.4
catbgif2png
2.2.5
catbgif2png
2.3.0
catbgif2png
2.3.1
catbgif2png
2.3.2
catbgif2png
2.3.3
catbgif2png
2.4.0
catbgif2png
2.4.1
catbgif2png
2.4.2
catbgif2png
2.4.3
catbgif2png
2.4.4
catbgif2png
2.4.5
catbgif2png
2.4.6
catbgif2png
2.4.7
catbgif2png
2.5.0
catbgif2png
2.5.1
catbgif2png
2.5.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gif2png
artful
ignored
bionic
not-affected
dapper
ignored
hardy
ignored
karmic
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
http://bugs.gentoo.org/show_bug.cgi?id=346501
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html
http://openwall.com/lists/oss-security/2010/11/21/1
http://openwall.com/lists/oss-security/2010/11/22/1
http://openwall.com/lists/oss-security/2010/11/22/12
http://openwall.com/lists/oss-security/2010/11/22/3
http://secunia.com/advisories/42796
http://security.gentoo.org/glsa/glsa-201101-01.xml
http://security.gentoo.org/glsa/glsa-201203-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
http://www.securityfocus.com/bid/45815
http://www.vupen.com/english/advisories/2010/3036
http://www.vupen.com/english/advisories/2011/0023
http://www.vupen.com/english/advisories/2011/0107
https://bugzilla.redhat.com/show_bug.cgi?id=547515
https://exchange.xforce.ibmcloud.com/vulnerabilities/64754
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
http://bugs.gentoo.org/show_bug.cgi?id=346501
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html
http://openwall.com/lists/oss-security/2010/11/21/1
http://openwall.com/lists/oss-security/2010/11/22/1
http://openwall.com/lists/oss-security/2010/11/22/12
http://openwall.com/lists/oss-security/2010/11/22/3
http://secunia.com/advisories/42796
http://security.gentoo.org/glsa/glsa-201101-01.xml
http://security.gentoo.org/glsa/glsa-201203-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
http://www.securityfocus.com/bid/45815
http://www.vupen.com/english/advisories/2010/3036
http://www.vupen.com/english/advisories/2011/0023
http://www.vupen.com/english/advisories/2011/0107
https://bugzilla.redhat.com/show_bug.cgi?id=547515
https://exchange.xforce.ibmcloud.com/vulnerabilities/64754