Lucene search

FreeBSD2BC960C4-E665-11DD-AFCD-00E0815B8DA8

HistoryNov 11, 2008 - 12:00 a.m.

optipng -- arbitrary code execution via crafted BMP image

2008-11-1100:00:00

vuxml.freebsd.org

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

71.8%

JSON

Secunia reports:

A vulnerability has been reported in OptiPNG, which
potentially can be exploited by malicious people to compromise
a user’s system.
The vulnerability is caused due to a boundary error in
the BMP reader and can be exploited to cause a buffer
overflow by tricking a user into processing a specially
crafted file.
Successful exploitation may allow execution of arbitrary
code.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchoptipng< 0.6.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	optipng	< 0.6.2	UNKNOWN

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399

optipng.sourceforge.net/

secunia.com/advisories/32651

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

71.8%

JSON

Related for 2BC960C4-E665-11DD-AFCD-00E0815B8DA8