CVE-2021-45909

Name	CVE-2021-45909
Description	An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-2937-1
Debian Bugs	1002668

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
gif2apng (PTS)	jessie	1.7-3	vulnerable
	stretch (security), stretch (lts), stretch	1.9+srconly-2+deb9u2	fixed
	buster	1.9+srconly-2+deb10u1	fixed
	bullseye	1.9+srconly-3+deb11u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gif2apng	source	jessie	(unfixed)	end-of-life
gif2apng	source	stretch	1.9+srconly-2+deb9u2		DLA-2937-1
gif2apng	source	buster	1.9+srconly-2+deb10u1
gif2apng	source	bullseye	1.9+srconly-3+deb11u1
gif2apng	source	(unstable)	(unfixed)			1002668