CVE-2021-45910

Name	CVE-2021-45910
Description	An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-2937-1
Debian Bugs	1002667

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
gif2apng (PTS)	jessie	1.7-3	vulnerable
	stretch (security), stretch (lts), stretch	1.9+srconly-2+deb9u2	fixed
	buster	1.9+srconly-2+deb10u1	fixed
	bullseye	1.9+srconly-3+deb11u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gif2apng	source	jessie	(unfixed)	end-of-life
gif2apng	source	stretch	1.9+srconly-2+deb9u2		DLA-2937-1
gif2apng	source	buster	1.9+srconly-2+deb10u1
gif2apng	source	bullseye	1.9+srconly-3+deb11u1
gif2apng	source	(unstable)	(unfixed)			1002667