What is the severity of CVE-2010-4695?

CVE-2010-4695 is classified as a medium severity vulnerability due to its potential for directory traversal attacks.

How do I fix CVE-2010-4695?

To fix CVE-2010-4695, update gif2png to version 2.5.3 or later, which addresses the truncation issue.

What software versions are affected by CVE-2010-4695?

CVE-2010-4695 affects gif2png versions 2.5.1 and 2.5.2.

Can CVE-2010-4695 lead to remote code execution?

CVE-2010-4695 does not directly lead to remote code execution, but it may allow unauthorized file manipulation.

Is CVE-2010-4695 specific to any operating system?

CVE-2010-4695 has been noted in Fedora 12 and Debian distributions.

Vulnerability/
CVE-2010-4695

medium

CWE

119

14/10/2009

17/8/2017

CVE-2010-4695: Buffer Overflow

First published: Wed Oct 14 2009(Updated: )

A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GIF2PNG Project	=2.5.1
GIF2PNG Project	=2.5.2
Debian GNU/Linux
Fedora	=12

Remedy

http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&r1=1.1&r2=1.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-4695?
CVE-2010-4695 is classified as a medium severity vulnerability due to its potential for directory traversal attacks.
How do I fix CVE-2010-4695?
To fix CVE-2010-4695, update gif2png to version 2.5.3 or later, which addresses the truncation issue.
What software versions are affected by CVE-2010-4695?
CVE-2010-4695 affects gif2png versions 2.5.1 and 2.5.2.
Can CVE-2010-4695 lead to remote code execution?
CVE-2010-4695 does not directly lead to remote code execution, but it may allow unauthorized file manipulation.
Is CVE-2010-4695 specific to any operating system?
CVE-2010-4695 has been noted in Fedora 12 and Debian distributions.

collector/nvd-historical
collector/redhat-cve
agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/remedy
agent/severity
agent/author
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/catb
canonical/gif2png project
version/gif2png project/2.5.1
version/gif2png project/2.5.2
vendor/debian
canonical/debian gnu/linux
vendor/redhat
canonical/fedora
version/fedora/12

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.