CVE-2017-6962

Name	CVE-2017-6962
Description	An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-2911-1
Debian Bugs	854447

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
apng2gif (PTS)	bullseye	1.8-2	fixed
	bookworm	1.8-4	fixed
	sid, trixie	1.8-5	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
apng2gif	source	wheezy	(not affected)
apng2gif	source	jessie	(not affected)
apng2gif	source	stretch	1.8-0.1~deb9u1	DLA-2911-1
apng2gif	source	(unstable)	1.8-0.1		854447

Notes

[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)