@hartwork Thanks for asking!

CVE Number Update: I’ve already submitted a request for a CVE ID for this issue. Got a confirmation email with a request ID, so it’s in process with the CVE Assignment Team.

Patch Details:

1. Filename Check: basename() can be used to strip out any directory paths from the input filename and block anything with .. or / to prevent path traversal tricks.
2. Safe File Creation: Temporary files are made in a secure way (like TempInto.XXXXXX) without using user...

Hi @hartwork, I have already requested a CVE for this vulnerability. Once the CVE ID is assigned, I will update you and add it here.
Path Traversal vulnerability in giflib's gifinto utility allows creation of files in arbitrary directories due to insufficient validation of user-supplied filenames.
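
The filename check and temporary-file creation described in the patch comment above, written out as an added C example (this is not the giflib patch itself). The helper names `sanitize_filename` and `open_temp` are hypothetical and the sample inputs are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: reduce a user-supplied name to a bare file name.
 * Returns 0 and fills `out` on success, -1 if the name is rejected. */
int sanitize_filename(const char *input, char *out, size_t outlen)
{
    char copy[4096];

    if (input == NULL || input[0] == '\0' || strlen(input) >= sizeof(copy))
        return -1;
    strcpy(copy, input);                /* POSIX basename() may modify its argument */
    const char *base = basename(copy);  /* drops every directory component */

    /* After basename() only "/", "." and ".." still carry a path meaning;
     * any '/' or ".." is rejected, following the rule described above. */
    if (strchr(base, '/') != NULL || strstr(base, "..") != NULL ||
        strcmp(base, ".") == 0 || strlen(base) >= outlen)
        return -1;
    strcpy(out, base);
    return 0;
}

/* Hypothetical helper: create the temporary file with mkstemp() so its name
 * never depends on user input. Returns an open fd (mode 0600) or -1. */
int open_temp(char *tmpl_out, size_t len)
{
    static const char tmpl[] = "TempInto.XXXXXX";

    if (len < sizeof(tmpl))
        return -1;
    memcpy(tmpl_out, tmpl, sizeof(tmpl));
    return mkstemp(tmpl_out);           /* opens with O_CREAT|O_EXCL: no clobbering */
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "out.gif", "../../tmp/out.gif", "/", "..", "dir/" };
    char name[256];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-20s -> %s\n", samples[i],
               sanitize_filename(samples[i], name, sizeof(name)) == 0 ? name : "(rejected)");
    return 0;
}
```

Rejecting every name that contains `..` also refuses harmless names such as `a..gif`; that is the conservative behaviour the comment describes.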