CVE-2023-43907

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.

Se descubrió que OptiPNG v0.7.7 contenía un desbordamiento de búfer global a través de la variable 'buffer' en gifread.c.

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-09-25 CVE Reserved
2023-10-01 CVE Published
2024-09-23 CVE Updated
2024-09-23 First Exploit
2024-11-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (6)

URL	Tag	Source
http://optipng.sourceforge.net	Product
https://sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain&download=	Product

URL	Date	SRC
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md	2024-09-23

URL	Date	SRC

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBHVG5LDE2K3FZSIK4XFXOUXSE7NZ5JH	2023-11-14
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCG5CMDT37WCZGAWQNOIPVP4VHGCPUU3	2023-11-14
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAB22JXDE7O27DYARZXC7PFUETM5OOT5	2023-11-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Optipng Project Search vendor "Optipng Project"		Optipng Search vendor "Optipng Project" for product "Optipng"				0.7.7 Search vendor "Optipng Project" for product "Optipng" and version "0.7.7"		-		Affected