MidnightBSD

Advisories for catb

CVE-2009-5018 MEDIUM

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
catb gif2png 1.0.0
catb gif2png 2.0.1
catb gif2png 2.4.4
catb gif2png 2.2.5
catb gif2png 1.2.2
catb gif2png 2.0.0
catb gif2png 2.3.1
catb gif2png 2.4.3
catb gif2png 2.2.0
catb gif2png 2.2.2
catb gif2png 2.3.3
catb gif2png 2.1.3
catb gif2png 2.5.2
catb gif2png 0.99
catb gif2png 2.3.0
catb gif2png 2.4.2
catb gif2png 2.0.3
catb gif2png 1.1.1
catb gif2png 1.2.0
catb gif2png 2.1.2
catb gif2png 2.2.4
catb gif2png 2.4.0
catb gif2png 2.4.5
catb gif2png 2.4.6
catb gif2png 2.0.2
catb gif2png 1.2.1
catb gif2png 2.3.2
catb gif2png *
catb gif2png 2.4.7
catb gif2png 2.5.1
catb gif2png 2.2.1
catb gif2png 2.4.1
catb gif2png 2.2.3
catb gif2png 2.1.1
catb gif2png 2.5.0
catb gif2png 1.1.0
CVE-2010-4694 MEDIUM

Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
catb gif2png 1.0.0
catb gif2png 2.0.1
catb gif2png 2.4.4
catb gif2png 2.2.5
catb gif2png 1.2.2
catb gif2png 2.0.0
catb gif2png 2.3.1
catb gif2png 2.4.3
catb gif2png 2.2.0
catb gif2png 2.2.2
catb gif2png 2.3.3
catb gif2png 2.1.3
catb gif2png 2.5.2
catb gif2png 0.99
catb gif2png 2.3.0
catb gif2png 2.4.2
catb gif2png 2.0.3
catb gif2png 1.1.1
catb gif2png 1.2.0
catb gif2png 2.1.2
catb gif2png 2.2.4
catb gif2png 2.4.0
catb gif2png 2.4.5
catb gif2png 2.4.6
catb gif2png 2.0.2
catb gif2png 1.2.1
catb gif2png 2.3.2
catb gif2png *
catb gif2png 2.4.7
catb gif2png 2.5.1
catb gif2png 2.2.1
catb gif2png 2.4.1
catb gif2png 2.2.3
catb gif2png 2.1.1
catb gif2png 2.5.0
catb gif2png 1.1.0
CVE-2010-4695 MEDIUM

A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
catb gif2png 2.5.1
catb gif2png 2.5.2