Re: [oss-security] CVE Request: gif2png: command-line buffer overflow problem

> How could this possibly be exploited?  If you can trick a user into
> running gif2png [exploit payload], then that user has already lost.

It was reported that some CGI scripts/etc use it automatically so by
using a long file name it may be possible.

Personally I'm not worried but Debian/Fedora have fixed it as a
security issue so if that is the case a CVE would be nice for tracking
purposes.

> See also:
> make `perl -e 'print "A"x10000'`
>
> -Dan

-- Kurt Seifried kurt@seifried.org tel: 1-703-879-3176

• This message: [ Message body ]
• Next message: Benji: "Re: [oss-security] CVE Request: gif2png: command-line buffer overflow problem"
• Previous message: Pierre Joye: "[oss-security] Re: NULL byte poisoning fix in php 5.3.4+"
• In reply to: Dan Rosenberg: "Re: [oss-security] CVE Request: gif2png: command-line buffer overflow problem"
• Next in thread: Steven M. Christey: "Re: [oss-security] CVE Request: gif2png: command-line buffer overflow problem"
• Reply: Steven M. Christey: "Re: [oss-security] CVE Request: gif2png: command-line buffer overflow problem"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]