Lucene search
RootSSV:4523HistoryDec 05, 2008 - 12:00 a.m.
OptiPNG BMP阅读器缓冲区溢出漏洞
2008-12-0500:00:00
Root
www.seebug.org
13
0.004 Low
EPSS
Percentile
68.9%
BUGTRAQ ID: 32248
CVE(CAN) ID: CVE-2008-5101
OptiPNG是PNG优化程序,可无损的将图形文件重新压缩到更小的尺寸。
OptiPNG的BMP阅读器在处理畸形BMP文件时存在缓冲区溢出漏洞。如果用户打开了带有畸形头的图形文件的话,就可以触发这个溢出,导致执行任意代码。
OptiPNG 0.6
Gentoo
Gentoo已经为此发布了一个安全公告(GLSA-200812-01)以及相应补丁:
GLSA-200812-01:OptiPNG: User-assisted execution of arbitrary code
链接:<a href=“http://security.gentoo.org/glsa/glsa-200812-01.xml” target=“_blank”>http://security.gentoo.org/glsa/glsa-200812-01.xml</a>
所有OptiPNG用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2"
OptiPNG
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://downloads.sourceforge.net/optipng/optipng-0.6.2.tar.gz” target=“_blank”>http://downloads.sourceforge.net/optipng/optipng-0.6.2.tar.gz</a>
Related
openvas
openvas
Gentoo Security Advisory GLSA 200812-01 (optipng)
2008-12-03 00:00:00
Gentoo Security Advisory GLSA 200812-01 (optipng)
2008-12-03 00:00:00
FreeBSD Ports: optipng
2009-01-20 00:00:00
nessus
nessus
FreeBSD : optipng -- arbitrary code execution via crafted BMP image (2bc960c4-e665-11dd-afcd-00e0815b8da8)
2009-01-20 00:00:00
GLSA-200812-01 : OptiPNG: User-assisted execution of arbitrary code
2008-12-03 00:00:00
openSUSE Security Update : optipng (optipng-572)
2009-07-21 00:00:00
prion
prion
Buffer overflow
2008-11-17 18:18:00
securityvulns
securityvulns
[ GLSA 200812-01 ] OptiPNG: User-assisted execution of arbitrary code
2008-12-04 00:00:00
OptiPNG buffer overflow
2008-12-04 00:00:00
freebsd
freebsd
optipng -- arbitrary code execution via crafted BMP image
2008-11-11 00:00:00
gentoo
gentoo
OptiPNG: User-assisted execution of arbitrary code
2008-12-02 00:00:00
cve
cve
CVE-2008-5101
2008-11-17 18:18:00
debiancve
debiancve
CVE-2008-5101
2008-11-17 18:18:00
ubuntucve
ubuntucve
CVE-2008-5101
2008-11-17 00:00:00