CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43907
https://notcve.org/view.php?id=CVE-2023-43907
01 Oct 2023 — OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c. Se descubrió que OptiPNG v0.7.7 contenía un desbordamiento de búfer global a través de la variable 'buffer' en gifread.c. • http://optipng.sourceforge.net • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16938 – Gentoo Linux Security Advisory 201801-02
https://notcve.org/view.php?id=CVE-2017-16938
24 Nov 2017 — A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file. Un desbordamiento de búfer global en OptiPNG 0.7.6 permite que atacantes remotos provoquen un ataque de denegación de servicio (DoS) u otro impacto sin especificar con un archivo maliciosamente manipulado de formato GIF. Esto se relaciona con un bucle no ... • https://lists.debian.org/debian-lts-announce/2017/11/msg00042.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-1000229 – Gentoo Linux Security Advisory 201801-02
https://notcve.org/view.php?id=CVE-2017-1000229
17 Nov 2017 — Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. Un fallo de desbordamiento de enteros en la función minitiff_read_info() de optipng 0.7.6 permite que un atacante ejecute código de manera remota o provoque una denegación de servicio (DoS). It was discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a de... • https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 6%CPEs: 4EXPL: 1CVE-2015-7801 – Ubuntu Security Notice USN-2951-1
https://notcve.org/view.php?id=CVE-2015-7801
18 Apr 2016 — Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file. Vulnerabilidad de uso después de liberación de memoria en OptiPNG 0.6.4 permite a atacantes remotos ejecutar código arbitrario a través de un archivo PNG manipulado. Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. Gustavo Grieco discover... • http://www.openwall.com/lists/oss-security/2015/09/16/1 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7802 – Ubuntu Security Notice USN-2951-1
https://notcve.org/view.php?id=CVE-2015-7802
18 Apr 2016 — gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. gifread.c en gif2png, tal como se utiliza en OptiPNG en versiones anteriores a 0.7.6, permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no inicializada) a través de un archivo GIF manipulado. Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially cra... • http://optipng.sourceforge.net/history.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 1CVE-2016-3981 – Gentoo Linux Security Advisory 201608-01
https://notcve.org/view.php?id=CVE-2016-3981
13 Apr 2016 — Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file. Desbordamiento de buffer basado en memoria dinámica en la función bmp_read_rows en pngxrbmp.c en OptiPNG en versiones anteriores a 0.7.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango o escritura de acceso y caída) ... • http://bugs.fi/media/afl/optipng/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-3982 – Gentoo Linux Security Advisory 201608-01
https://notcve.org/view.php?id=CVE-2016-3982
13 Apr 2016 — Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. Error por un paso en la función bmp_rle4_fread en pngxrbmp.c en OptiPNG en versiones anteriores a 0.7.6 permite a atacantes remotos provocar una denegación de servicio (acceso a lectura o escritura fuera de rango y caída... • http://bugs.fi/media/afl/optipng/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-0749
https://notcve.org/view.php?id=CVE-2009-0749
02 Mar 2009 — Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed. Vulnerabilidad del tipo "use-after-free" (usar recurso después de haberlo liberado o destruido) en la función GIFReadNextExtension en lib/pngxtern/gif/gif... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html • CWE-416: Use After Free •