A certain Fedora patch for gif2png.c in gif2png 2.5.1 and...

Moderate severity Unreviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Jan 27, 2023

Package

No package listed

Affected versions

Unknown

Patched versions

Unknown

Description

A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

References

Published by the National Vulnerability Database Jan 14, 2011
Published to the GitHub Advisory Database May 17, 2022
Last updated Jan 27, 2023

Severity

Moderate

EPSS score

0.818%
(82nd percentile)

Weaknesses

CVE ID

CVE-2010-4695

GHSA ID

GHSA-crj4-gj97-jggx

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.
