Veracode Vulnerability DatabaseVERACODE:44529Buffer Overflow
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.6%
optipng is vulnerable to Buffer Overflow. The vulnerability exists in the ‘buffer’ variable at gifread.c, allowing an attacker to cause an application crash.
References
optipng.sourceforge.net/
github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBHVG5LDE2K3FZSIK4XFXOUXSE7NZ5JH/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCG5CMDT37WCZGAWQNOIPVP4VHGCPUU3/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAB22JXDE7O27DYARZXC7PFUETM5OOT5/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.18/community.yaml
sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain&download=
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.6%