OptiPNG is vulnerable to denial of service. An attacker may cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | optipng:stretch | eq | 0.7.6-1+deb9u1 |
bugs.fi/media/afl/optipng/2/
lists.opensuse.org/opensuse-updates/2016-04/msg00061.html
lists.opensuse.org/opensuse-updates/2016-04/msg00065.html
www.debian.org/security/2016/dsa-3546
www.ubuntu.com/usn/USN-2951-1
security-tracker.debian.org/tracker/CVE-2016-3982
security.gentoo.org/glsa/201608-01
sourceforge.net/p/optipng/bugs/57/