USN-4513-1: apng2gif vulnerability

17 September 2020

apng2gif could be made to expose sensitive information if it opened a specifically crafted APNG file.

Releases

Packages

  • apng2gif - tool for converting APNG images to animated GIF format

Details

Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled
loading APNG files. An attacker could exploit this with a crafted APNG
file to access sensitive information. (CVE-2017-6960)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References