CVE-2021-45909

EUVD-2021-32624
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
gif2apng_projectgif2apng
1.9
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gif2apng
bullseye
1.9+srconly-3+deb11u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gif2apng
bionic
Fixed 1.9+srconly-2ubuntu0.1
released
focal
Fixed 1.9+srconly-3ubuntu0.1
released
hirsute
ignored
impish
ignored
trusty
ignored
xenial
Fixed 1.7-3ubuntu0.1~esm1
released
Common Weakness Enumeration
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002668
https://lists.debian.org/debian-lts-announce/2022/03/msg00008.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002668
https://lists.debian.org/debian-lts-announce/2022/03/msg00008.html