apng2gif could be made to expose sensitive information if it opened a
specifically crafted APNG file.
Software Description:
- apng2gif: tool for converting APNG images to animated GIF format
Details:
Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled
loading APNG files. An attacker could exploit this with a crafted APNG
file to access sensitive information. (CVE-2017-6960)
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: apng2gif 1.5-3+deb8u1build0.16.04.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4513-1
CVE-2017-6960
Get the latest Linux and open source security news straight to your inbox.