Published: 20/04/2016 Updated: 30/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

gifread.c in gif2png, as used in OptiPNG prior to 0.7.6, allows remote malicious users to cause a denial of service (uninitialized memory read) via a crafted GIF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
optipng project optipng 0.7.5
canonical ubuntu linux 15.10
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04

OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #820068 optipng: CVE-2016-2191: Invalid write while processing delta escapes without any boundary checking Package: src:optipng; Maintainer for src:optipng is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Dat ...

Debian Bug report logs - #801700 optipng: CVE-2015-7802: Buffer overflow in global memory Package: src:optipng; Maintainer for src:optipng is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 13 Oct 2015 15:42:01 UTC Severity ...

gifreadc in gif2png, as used in OptiPNG before 076, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file ...

CWE-119 http://optipng.sourceforge.net/history.txt http://www.ubuntu.com/usn/USN-2951-1 https://sourceforge.net/p/optipng/bugs/53/https://usn.ubuntu.com/2951-1/https://nvd.nist.gov

CVE-2015-7802

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect