What is CVE-2009-5018?

CVE-2009-5018 is a vulnerability in Catb Gif2png, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-01-14.

Is CVE-2009-5018 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Catb Gif2png

CVE-2009-5018

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.

Vulnerability class: Buffer Overflow

EPSS: 0.221 (95.9th percentile) — read the EPSS interpretation.

Affected products

Catb Gif2png — versions 0.99, 1.0.0, 1.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
[oss-security] 20101122 Re: CVE Request: gif2png: command-line buffer overflow problem (mailing-list, x_refsource_MLIST)
ADV-2011-0023 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
MDVSA-2011:009 (vendor-advisory, x_refsource_MANDRIVA)
[oss-security] 20101121 Re: CVE Request: gif2png: command-line buffer overflow problem (mailing-list, x_refsource_MLIST)
42796 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
41801 (vdb-entry, x_refsource_BID)
ADV-2010-3036 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)

Frequently asked questions

What is CVE-2009-5018?: CVE-2009-5018 is a vulnerability in Catb Gif2png, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-01-14.
Is CVE-2009-5018 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.