7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
21.6%
OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the
‘buffer’ variable at gifread.c.
Author | Note |
---|---|
Priority reason: Denial of service only in command-line tool | |
mdeslaur | Can’t reproduce with PoC on focal, jammy, and lunar. This is an out-of-bounds read in a command-line tool, unlikely to have any security impact. as of 2023-10-10, there is no fix available from the optipng developers |
optipng.sourceforge.net/
github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md
launchpad.net/bugs/cve/CVE-2023-43907
nvd.nist.gov/vuln/detail/CVE-2023-43907
security-tracker.debian.org/tracker/CVE-2023-43907
sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain&download=
www.cve.org/CVERecord?id=CVE-2023-43907