FreshPorts - VuXML

ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

< 0.7.6

Frank-Z7 reports:

Running optipng with the "-zm 3 -zc 1 -zw 256 -snip -out" configuration options enabled raises a global-buffer-overflow bug, which could allow a remote attacker to conduct a denial-of-service attack or other unspecified effect on a crafted file.

< 0.7.7_1

Gustavo Grieco reports:

We found a use-after-free causing an invalid/double free in optipng 0.6.4.

le 0.6.5

Secunia reports:

A vulnerability has been reported in OptiPNG, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the BMP reader and can be exploited to cause a buffer overflow by tricking a user into processing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

< 0.6.2