I see, well according to the bug report, it's fixed in 2.5.2-1. I tested that version itself and sadly the fix isn't there.

On Sun, Dec 13, 2009 at 1:29 AM, Patroklos Argyroudis <argp at census-labs.com> wrote:

> On Sat, Dec 12, 2009 at 10:59:28PM +0200, Razuel Akaharnath wrote:
> > DESCRIPTION:
> > "The gif2png program converts files from the obsolescent Graphic Interchange
> > Format to Portable Network Graphics <http://www.libpng.org/pub/png/>. The
> > conversion preserves all graphic information, including transparency,
> > perfectly. The gif2png program can even recover data from corrupted GIFs."
> >
> > homepage: http://catb.org/~esr/gif2png/
> >
> > VULNERABILITY:
> > gif2png does not perform proper bounds checking on the size of input
> > filename. The buffer (1025 in size) is easily overrun with a strcpy
> > function.
> >
> > AFFECTED VERSION:
> > latest: 2.5.2
>
> I have reported this to Debian about two months ago:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
>
> --
> Patroklos Argyroudis
> http://www.census-labs.com/
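
The missing bounds check described in the quoted advisory, shown beside a checked copy. This is an added example, not part of the original message and not gif2png's own code; the function names and the `try_length` helper are hypothetical, and only the 1025-byte buffer size and the use of `strcpy` come from the advisory text.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 1025  /* buffer size quoted in the advisory */

/* Pattern the advisory describes: copy with no length check.
 * A name of NAME_BUF bytes or more writes past the end of dst. */
void store_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form (assumed fix, not the upstream patch): measure first and
 * reject an oversized name instead of overflowing or silently truncating.
 * Returns 0 on success, -1 if src is NULL or does not fit in dstsz. */
int store_name_checked(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsz)               /* no room for the terminating NUL */
        return -1;
    memcpy(dst, src, len + 1);      /* len + 1 copies the NUL as well */
    return 0;
}

/* Constructed input: a file name made of n 'A' characters.
 * Returns 0 if the checked copy accepted it intact, -1 if rejected. */
int try_length(size_t n)
{
    static char src[4096];
    char dst[NAME_BUF];

    if (n >= sizeof src)
        return -1;
    memset(src, 'A', n);
    src[n] = '\0';
    if (store_name_checked(dst, sizeof dst, src) != 0)
        return -1;
    return strlen(dst) == n ? 0 : -1;
}

int main(void)
{
    printf("1024-char name: %d\n", try_length(1024));
    printf("1025-char name: %d\n", try_length(1025));
    return 0;
}
```

The boundary is the point to test when verifying a packaged fix: a 1024-character name is the longest that fits, and one more character must be refused.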