High severity7.8NVD Advisory· Published Nov 24, 2017· Updated May 13, 2026

CVE-2017-16938

Description

A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.

Affected products

Optipng Project/Optipng
cpe:2.3:a:optipng_project:optipng:0.7.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sourceforge.net/p/optipng/bugs/69/nvdPatchThird Party Advisory
lists.debian.org/debian-lts-announce/2017/11/msg00042.htmlnvd
security.gentoo.org/glsa/201801-02nvd
www.debian.org/security/2017/dsa-4058nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000