Lucene search
Veracode Vulnerability DatabaseVERACODE:28234HistoryDec 06, 2020 - 3:34 a.m.
Arbitrary Code Execution
2020-12-0603:34:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.009 Low
EPSS
Percentile
83.1%
optipng is vulnerable to arbitrary code execution. A heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c remote attackers to execute arbitrary code on the host OS.
| CPE | Name | Operator | Version |
|---|---|---|---|
| optipng:stretch | eq | 0.7.6-1+deb9u1 | |
| optipng:stretch | eq | 0.7.6-1+deb9u1 |
References
bugs.fi/media/afl/optipng/1/
lists.opensuse.org/opensuse-updates/2016-04/msg00061.html
lists.opensuse.org/opensuse-updates/2016-04/msg00065.html
www.debian.org/security/2016/dsa-3546
www.ubuntu.com/usn/USN-2951-1
security-tracker.debian.org/tracker/CVE-2016-3981
security.gentoo.org/glsa/201608-01
sourceforge.net/p/optipng/bugs/56/
Related
cve
cve
CVE-2016-3981
2016-04-13 16:59:23
ubuntucve
ubuntucve
CVE-2016-3981
2016-04-13 00:00:00
cvelist
cvelist
CVE-2016-3981
2016-04-13 16:00:00
prion
prion
Heap overflow
2016-04-13 16:59:00
nvd
nvd
CVE-2016-3981
2016-04-13 16:59:23
debiancve
debiancve
CVE-2016-3981
2016-04-13 16:59:23
nessus
nessus
GLSA-201608-01 : OptiPNG: Multiple vulnerabilities
2016-08-11 00:00:00
openSUSE Security Update : optipng (openSUSE-2016-469)
2016-04-18 00:00:00
openSUSE Security Update : optipng (openSUSE-2016-468)
2016-04-18 00:00:00
gentoo
gentoo
OptiPNG: Multiple vulnerabilities
2016-08-11 00:00:00
openvas
openvas
Debian Security Advisory DSA 3546-1 (optipng - security update)
2016-04-07 00:00:00
Debian: Security Advisory (DSA-3546-1)
2016-04-06 00:00:00
Ubuntu: Security Advisory (USN-2951-1)
2016-04-19 00:00:00
freebsd
freebsd
optipng -- multiple vulnerabilities
2015-10-09 00:00:00
ubuntu
ubuntu
OptiPNG vulnerabilities
2016-04-18 00:00:00