CVE-2010-4695

Exploit

EPSS 0.54%
Veröffentlicht 14.01.2011 18:00:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Catb ≫ Gif2png Version2.5.1

Debian ≫ Linux
Redhat ≫ Fedora Version12

Catb ≫ Gif2png Version2.5.2

Debian ≫ Linux
Redhat ≫ Fedora Version12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.648

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978

http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html

https://bugzilla.redhat.com/show_bug.cgi?id=547515

Exploit

http://security.gentoo.org/glsa/glsa-201203-15.xml

http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&r1=1.1&r2=1.2

Patch

Exploit

http://www.securityfocus.com/bid/45920

https://exchange.xforce.ibmcloud.com/vulnerabilities/64819

https://nvd.nist.gov/vuln/detail/CVE-2010-4695