Debian Security Advisory
DLA-2937-1 gif2apng -- LTS security update
- Date Reported: 07 Mar 2022
- Affected Packages: gif2apng
- Security database references: In Mitre's CVE dictionary: CVE-2021-45909, CVE-2021-45910, CVE-2021-45911.
- More information:
Three issues have been discovered in gif2apng, a tool for converting animated GIF images to APNG format:
- A heap-based buffer overflow in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.
- A heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer.
- A heap-based buffer overflow in the processing of delays in the main function.
For Debian 9 stretch, these problems have been fixed in version 1.9+srconly-2+deb9u2.
We recommend that you upgrade your gif2apng packages.
For the detailed security status of gif2apng please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gif2apng
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS