-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2937-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky March 07, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : gif2apng Version : 1.9+srconly-2+deb9u2 CVE ID : CVE-2021-45909 CVE-2021-45910 CVE-2021-45911 Three issues have been discovered in gif2apng: tool for converting animated GIF images to APNG format. CVE-2021-45909: heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. CVE-2021-45910: heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. CVE-2021-45911: heap based buffer overflow in processing of delays in the main function. For Debian 9 stretch, these problems have been fixed in version 1.9+srconly-2+deb9u2. We recommend that you upgrade your gif2apng packages. For the detailed security status of gif2apng please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gif2apng Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmImdoQACgkQ0+Fzg8+n /wbvAg/+LspuBOfueBg5GA8jDAA0PqCGXmapRCum8CCjAhkUUtJP3lzYRE4gvOWI KkmyuIdkMRo14yhMO+p9WAAJtZsgbGRAvZeNSOMR2bB1uGth2grOHMiHjr3sLeSI qIrChDhR/f+9aSKdGOmmke6D06Tk8eCihn8/ew+3bAMdHj/Y7vGBejNQeaebUg5Y Km+L04vM77snlpFsT3tMBqwBjP1cWYPM17TZlEdJ8W6pz1pxFa9aeIf6aiWA3xlZ BoCWipNgrUh5y7x3DG9RzsYgIgxHM745TndFjHwY6PJzUogqEOch+IN+9Pdun2/o REZHCyandnPXL/lPnAClPaMr+WktF2Qg34thDdaNdkjvjbhjjzJFWcMkCtaBpzVI vjkaLWAtKBTO70yiNNNZ6rc4zjDcDgCRyIOxYLleAR0blwWe67ALfq/4oLzAvESU IsFlni1wE1SS09WIXPCoXL4Td4fyJGmiLI3M+nzU7j3gEoTaSCf6Q0+LkZBQ5ccW 4SiDxbVFWh70NLZ638hO6WWY9Lp6oPaWS3jOaYF2sxPKlea9AiGqsuLw3W1Sg6Jl DOg54py33bayWD3iX1+V0nVVMkNZhBjvYcVBwZe6iBOObvj1w6FSBypLZEc0/uOa QJKQqHnC5VDEYs4u2oN3O5oYsxlkOH3Zvl9sLqFO9FBNfqVldSY= =za4R -----END PGP SIGNATURE-----