rpm package
opensuse/optipng&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/optipng&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-43907 | — | | | < 0.7.8-1.1 | 0.7.8-1.1 | Oct 1, 2023 | OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c. |
| CVE-2017-16938 | High | 7.8 | | < 0.7.7-2.3 | 0.7.7-2.3 | Nov 24, 2017 | A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file. |
| CVE-2017-1000229 | High | 7.8 | | < 0.7.7-2.3 | 0.7.7-2.3 | Nov 17, 2017 | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. |
| CVE-2016-2191 | Medium | 6.5 | | < 0.7.6-1.4 | 0.7.6-1.4 | Apr 13, 2016 | The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image. |
| CVE-2008-5101 | — | | | < 0.7.7-2.3 | 0.7.7-2.3 | Nov 17, 2008 | Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow." |