optipng: arbitrary code execution

ID ASA-201604-5
Type archlinux
Reporter Arch Linux
Modified 2016-04-04T00:00:00


An invalid write may occur in optipng before version 0.7.6 while processing bitmap images, because `crt_row` is incremented or decremented without any boundary checking when delta escapes are encountered. This issue can possibly be used to execute arbitrary code.
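
The check a decoder needs when it meets a BMP RLE8 delta escape (`00 02 dx dy`), as an added example that is not optipng's code. `rle8_decode`, the sample streams and the strict error policy are assumptions made here, and rows are stored in stream order, so the row cursor only increases.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Strict BMP RLE8 decoder into dst (width*height bytes, rows in stream order).
 * Returns 0 on success, -1 on any out-of-image move or write. Hypothetical. */
int rle8_decode(const uint8_t *src, size_t len,
                uint8_t *dst, size_t width, size_t height)
{
    size_t row = 0, col = 0, i = 0;   /* invariant: col <= width, i <= len */
    while (len - i >= 2) {
        uint8_t a = src[i], b = src[i + 1];
        i += 2;
        if (a > 0) {                           /* run: a copies of b */
            if (row >= height || a > width - col) return -1;
            for (size_t k = 0; k < a; k++) dst[row * width + col++] = b;
        } else if (b == 0) {                   /* end of line */
            row++; col = 0;
        } else if (b == 1) {                   /* end of bitmap */
            return 0;
        } else if (b == 2) {                   /* delta escape: dx, dy follow */
            if (len - i < 2) return -1;
            uint8_t dx = src[i], dy = src[i + 1];
            i += 2;
            /* Bound the row cursor before moving it; an unchecked move
             * here is the class of bug the advisory describes. */
            if (row >= height || dy > height - 1 - row) return -1;
            if (dx > width - col) return -1;
            row += dy; col += dx;
        } else {                               /* absolute: b literal bytes */
            size_t padded = (size_t)b + (b & 1);   /* 16-bit aligned */
            if (len - i < padded) return -1;
            if (row >= height || b > width - col) return -1;
            for (size_t k = 0; k < b; k++) dst[row * width + col++] = src[i + k];
            i += padded;
        }
    }
    return -1;                                 /* no end-of-bitmap marker */
}
/* Constructed streams for a 4x2 image; the second asks for a 200-row delta. */
static const uint8_t sample_ok[]  = {2, 0xAA, 0, 2, 1, 1,   1, 0xBB, 0, 1};
static const uint8_t sample_bad[] = {2, 0xAA, 0, 2, 1, 200, 1, 0xBB, 0, 1};
static uint8_t sample_img[8];
int main(void) {
    printf("ok=%d bad=%d\n", rle8_decode(sample_ok, sizeof sample_ok, sample_img, 4, 2),
           rle8_decode(sample_bad, sizeof sample_bad, sample_img, 4, 2));
    return 0;
}
```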