This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-201101-01
(gif2png: User-assisted execution of arbitrary code)
gif2png contains a command line parsing vulnerability that may result
in a stack overflow due to an unexpectedly long input filename.
A remote attacker could entice a user to open a specially crafted
image, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.
Note that applications relying on gif2png to process images can also
trigger the vulnerability.
There is no known workaround at this time.
See also :
All gif2png users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-gfx/gif2png-2.5.1-r1'
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.3
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 51416 ()
Bugtraq ID: 41801
CVE ID: CVE-2009-5018
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.