6 matches found
RHEL 7 : optipng (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - optipng: heap buffer overflow in the bmp_read_rows function (CVE-2016-3981) - optipng: heap buffer overflow i...
Arbitrary Code Execution
optipng is vulnerable to arbitrary code execution. A heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c allows remote attackers to execute arbitrary code on the host OS...
FreeBSD : optipng -- multiple vulnerabilities (8fedf75c-ef2f-11e6-900e-003048f78448)
ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory...
CVE-2016-3981
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file...
CVE-2016-2191
OptiPNG before 0.7.6 is affected by a vulnerability in bmp_read_rows (pngxtern/pngxrbmp.c) triggered by crafting BMP delta escapes. The issue can cause an invalid memory write and crash, enabling a denial of service. Some advisories also note potential arbitrary code execution in certain contexts...
CVE-2016-2191
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image...