CVE-2017-6961

Name	CVE-2017-6961
Description	An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amount of memory to allocate.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References	DLA-2911-1
Debian Bugs	854441

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
apng2gif (PTS)	buster	1.8-0.1	fixed
	bullseye	1.8-2	fixed
	bookworm, sid	1.8-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
apng2gif	source	wheezy	(not affected)
apng2gif	source	jessie	(not affected)
apng2gif	source	stretch	1.8-0.1~deb9u1	DLA-2911-1
apng2gif	source	(unstable)	1.8-0.1		854441

Notes

[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)