Description
Security update for optipng
optipng was updated to fix one security issue.
This security issue was fixed:
- CVE-2016-2191: Invalid write while processing bitmap images (bsc#973992).
- CVE-2016-3981: Heap buffer overflow in bmp_read_rows (pngxrbmp.c)
- CVE-2016-3982: Heap buffer overflow in bmp_rle4_fread (pngxrbmp.c)
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:1078-1
- SUSE Security Ratings
Description
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
Affected products
References
- CVE-2016-2191
- SUSE Bug 973992
Description
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.
Affected products
References
- CVE-2016-3981
- SUSE Bug 973992
Description
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
Affected products
References
- CVE-2016-3982
- SUSE Bug 973992