The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.
References
| Link | Resource |
|---|---|
| http://web.archive.org/web/20150801185019/ | Broken Link |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002739 | Exploit Mailing List Third Party Advisory |
| https://www.abdn.ac.uk/tools/ibmpc/giftrans/index.hti | Broken Link |
Configurations
History
08 Aug 2023, 14:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-1284 |
Information
Published : 2022-01-01 21:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-45972
Mitre link : CVE-2021-45972
CVE.ORG link : CVE-2021-45972
JSON object : View
Products Affected
debian
- debian_linux
giftrans_project
- giftrans
CWE
CWE-1284
Improper Validation of Specified Quantity in Input