Improper Validation of Specified Quantity in Input
CVE-2021-45972
Summary
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- NONE
- HIGH
CWE-1284 - Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
References
Advisory Timeline
- Published