CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.

Published: Jan 1, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-45972
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P

CWEs:

CWE-787
CWE-1284

Affected Software
References

Software	From	Fixed in
giftrans_project / giftrans	1.12.2	1.12.2.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x

http://web.archive.org/web/20150801185019/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002739
https://www.abdn.ac.uk/tools/ibmpc/giftrans/index.hti

Vulnerability Database

CVE-2021-45972