
CVE-2015-7801 – Ubuntu Security Notice USN-2951-1
https://notcve.org/view.php?id=CVE-2015-7801
18 Apr 2016 — Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file. Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. Gustavo Grieco discover... • http://www.openwall.com/lists/oss-security/2015/09/16/1

CVE-2016-3981 – Gentoo Linux Security Advisory 201608-01
https://notcve.org/view.php?id=CVE-2016-3981
13 Apr 2016 — Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file. • http://bugs.fi/media/afl/optipng/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-3982 – Gentoo Linux Security Advisory 201608-01
https://notcve.org/view.php?id=CVE-2016-3982
13 Apr 2016 — Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. • http://bugs.fi/media/afl/optipng/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-0749
https://notcve.org/view.php?id=CVE-2009-0749
02 Mar 2009 — Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html • CWE-416: Use After Free

CVE-2008-5101
https://notcve.org/view.php?id=CVE-2008-5101
17 Nov 2008 — Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow." • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer