CVE-2021-45909

7.8 HIGH

📋 TL;DR

CVE-2021-45909 is a heap-based buffer overflow in the DecodeLZW function of gif2apng 1.9: a crafted GIF file can cause writes past the end of a heap buffer during LZW decoding. It affects systems that use gif2apng 1.9 to convert GIF images to APNG format. An attacker could crash the application or potentially execute arbitrary code.

💻 Affected Systems

Products:
  • gif2apng
Versions: Version 1.9
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with gif2apng 1.9 installed and processing untrusted GIF files is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or installation of persistent malware.

🟠 Likely Case: Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢 If Mitigated: Application crash with no further impact if proper memory protections and sandboxing are in place.

🌐 Internet-Facing: MEDIUM - Requires processing of malicious GIF files, which could be uploaded to web services using gif2apng.
🏢 Internal Only: LOW - Typically requires local user interaction or specific workflows involving GIF conversion.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious GIF file that triggers the buffer overflow during LZW decoding.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.9-1 (Debian patched version)

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2022/03/msg00008.html

Restart Required: No

Instructions:

1. Update the package via the system package manager: 'sudo apt update && sudo apt upgrade gif2apng'
2. Verify that patched version 1.9-1 or later is installed.

🔧 Temporary Workarounds

Disable gif2apng processing (linux): Remove or disable gif2apng from systems where it is not essential:

sudo apt remove gif2apng

Restrict file processing (all platforms): Implement input validation to reject suspicious GIF files before processing.

🧯 If You Can't Patch

  • Implement strict input validation for GIF files before passing to gif2apng
  • Run gif2apng in a sandboxed environment with limited privileges

🔍 How to Verify

Check if Vulnerable:

Check gif2apng version: 'gif2apng --version' or 'dpkg -l | grep gif2apng'

Check Version:

gif2apng --version 2>/dev/null || dpkg -l gif2apng 2>/dev/null || rpm -q gif2apng 2>/dev/null

Verify Fix Applied:

Verify version is 1.9-1 or later: 'dpkg -l gif2apng | grep ^ii' should show 1.9-1

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault crashes of gif2apng
  • Memory access violation errors
  • Abnormal process termination

Network Indicators:

  • Uploads of GIF files followed by application crashes
  • Unusual outbound connections after GIF processing

SIEM Query:

process_name:"gif2apng" AND (event_type:"crash" OR exit_code:139)
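The log indicators above (segmentation faults, abnormal termination, exit code 139) and the "upload followed by crash" network indicator can be turned into a small host-side detector. The following is an added example written for this page, not a tool shipped with gif2apng or by the advisory's author. The kernel segfault and systemd-coredump line formats follow their usual wording; the "convert-worker" lines are a constructed application log format assumed only for this example, and all sample lines are constructed.

```python
"""Detect gif2apng crash indicators in log lines and list the input files
involved, so they can be quarantined for offline analysis."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

PROCESS = "gif2apng"
SIGSEGV_EXIT = 139  # shell exit status 128 + SIGSEGV (signal 11)

# One pattern per indicator kind. The "exit" pattern assumes a hypothetical
# conversion-worker log line of the form
#   "... gif2apng exited with status N (input FILE)".
PATTERNS = {
    "kernel_segfault": re.compile(
        rf"kernel: {PROCESS}\[(?P<pid>\d+)\]: segfault at"),
    "coredump": re.compile(
        rf"Process (?P<pid>\d+) \({PROCESS}\) of user \d+ dumped core"),
    "exit_139": re.compile(
        rf"{PROCESS} exited with status (?P<code>\d+)"
        r"(?: \(input (?P<input>\S+)\))?"),
}

# Constructed sample lines (not from any real system).
SAMPLE_LOGS = [
    "Mar 12 10:01:22 host kernel: gif2apng[4211]: segfault at 7f3b2c00 "
    "ip 000055e8a1c0 sp 00007ffd error 6 in gif2apng[55e8a000+e000]",
    "Mar 12 10:01:22 host systemd-coredump[4213]: Process 4211 (gif2apng) "
    "of user 1000 dumped core.",
    "Mar 12 10:02:05 host convert-worker[880]: job 77: gif2apng exited "
    "with status 139 (input upload_5f2a.gif)",
    "Mar 12 10:03:11 host convert-worker[880]: job 78: gif2apng exited "
    "with status 0 (input upload_5f2b.gif)",
    "Mar 12 10:04:40 host kernel: firefox[3100]: segfault at 0 "
    "ip 00007f1a1b2c3d4e sp 00007ffc error 4 in libxul.so",
]


@dataclass
class CrashEvent:
    kind: str                  # which indicator fired
    pid: Optional[int]         # process id when the line carries one
    input_file: Optional[str]  # input file when the line names one
    line: str                  # the raw log line for the analyst


def parse_line(line: str) -> Optional[CrashEvent]:
    """Return a CrashEvent if the line is a gif2apng crash indicator."""
    for kind, pat in PATTERNS.items():
        m = pat.search(line)
        if not m:
            continue
        groups = m.groupdict()
        # A worker line with a normal exit status is not an indicator.
        if kind == "exit_139" and int(groups["code"]) != SIGSEGV_EXIT:
            continue
        pid = int(groups["pid"]) if groups.get("pid") else None
        return CrashEvent(kind, pid, groups.get("input"), line)
    return None


def find_crashes(lines: Iterable[str]) -> List[CrashEvent]:
    """All crash indicators in the given lines, in log order."""
    return [ev for ev in (parse_line(ln) for ln in lines) if ev is not None]


def suspect_inputs(events: Iterable[CrashEvent]) -> List[str]:
    """Distinct input files named in crash records (candidates for
    quarantine; never re-run them through an unpatched gif2apng)."""
    seen: List[str] = []
    for ev in events:
        if ev.input_file and ev.input_file not in seen:
            seen.append(ev.input_file)
    return seen


if __name__ == "__main__":
    for ev in find_crashes(SAMPLE_LOGS):
        print(f"{ev.kind:16} pid={ev.pid} input={ev.input_file}")
    print("suspect inputs:", suspect_inputs(find_crashes(SAMPLE_LOGS)))
```

Pointing `find_crashes` at a journal export or the worker's log gives the same events the SIEM query above would return, and `suspect_inputs` links each crash back to the uploaded file, which is the correlation the network indicator describes. Unrelated segfaults (the firefox line) and clean exits are ignored.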
