Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2019-1313
HistoryOct 08, 2019 - 10:03 p.m.

Medium: optipng

2019-10-0822:03:00
alas.aws.amazon.com
16

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.022

Percentile

89.5%

JSON

Issue Overview:

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.(CVE-2016-2191)

Affected Packages:

optipng

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update optipng to update your system.

New Packages:

aarch64:  
    optipng-0.7.7-3.amzn2.aarch64  
    optipng-debuginfo-0.7.7-3.amzn2.aarch64  
  
i686:  
    optipng-0.7.7-3.amzn2.i686  
    optipng-debuginfo-0.7.7-3.amzn2.i686  
  
src:  
    optipng-0.7.7-3.amzn2.src  
  
x86_64:  
    optipng-0.7.7-3.amzn2.x86_64  
    optipng-debuginfo-0.7.7-3.amzn2.x86_64

Additional References

Red Hat: CVE-2016-2191

Mitre: CVE-2016-2191

Related

ubuntucve 1
prion 1
nessus 11
archlinux 1
openvas 6
nvd 1
debiancve 1
fedora 2
cve 1
osv 1
cvelist 1
veracode 1
mageia 1
debian 1
gentoo 1
freebsd 1
ubuntu 1
ubuntucve
ubuntucve
CVE-2016-2191
2016-04-13 00:00:00
prion
prion
Session fixation
2016-04-13 16:59:00
nessus
nessus
Fedora 23 : optipng (2016-b8f91621c7)
2016-07-15 00:00:00
Fedora 24 : optipng (2016-2e339a7779)
2016-07-14 00:00:00
Amazon Linux 2 : optipng (ALAS-2019-1313)
2019-10-11 00:00:00
archlinux
archlinux
optipng: arbitrary code execution
2016-04-04 00:00:00
openvas
openvas
Fedora Update for optipng FEDORA-2016-b8f91621c7
2016-06-27 00:00:00
Fedora Update for optipng FEDORA-2016-2e339a7779
2016-06-19 00:00:00
Mageia: Security Advisory (MGASA-2016-0135)
2016-05-09 00:00:00
nvd
nvd
CVE-2016-2191
2016-04-13 16:59:11
debiancve
debiancve
CVE-2016-2191
2016-04-13 16:59:11
fedora
fedora
[SECURITY] Fedora 24 Update: optipng-0.7.6-1.fc24
2016-06-18 20:03:40
[SECURITY] Fedora 23 Update: optipng-0.7.6-1.fc23
2016-06-25 23:30:40
cve
cve
CVE-2016-2191
2016-04-13 16:59:11
osv
osv
optipng-0.7.6-1.4 on GA media
2024-06-15 00:00:00
cvelist
cvelist
CVE-2016-2191
2016-04-13 16:00:00
veracode
veracode
Denial Of Service (DoS)
2020-12-06 03:15:20
mageia
mageia
Updated optipng packages fix security vulnerabilities
2016-04-13 20:39:04
debian
debian
[SECURITY] [DSA 3546-1] optipng security update
2016-04-07 21:17:34
gentoo
gentoo
OptiPNG: Multiple vulnerabilities
2016-08-11 00:00:00
freebsd
freebsd
optipng -- multiple vulnerabilities
2015-10-09 00:00:00
ubuntu
ubuntu
OptiPNG vulnerabilities
2016-04-18 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.022

Percentile

89.5%

JSON
Related for ALAS2-2019-1313
ubuntucve1prion1nessus11archlinux1openvas6nvd1debiancve1fedora2cve1osv1cvelist1veracode1mageia1debian1gentoo1freebsd1ubuntu1