oss-sec mailing list archives
CVE Request -- OptiPNG
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 12 Nov 2008 12:42:05 +0100
Hello Steve,

OptiPNG upstream has released a new version, fixing among others one security issue -- buffer overflow present in reader responsible for BMP images handling.

References:
http://sourceforge.net/project/shownotes.php?release_id=639631&group_id=151404
http://secunia.com/Advisories/32651/
http://www.frsirt.com/english/advisories/2008/3108/references
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399
http://optipng.sourceforge.net/

Affected versions: all prior to 0.6.2. (from Secunia advisory)

Proposed solution: Upgrade to 0.6.2 or security patch against 0.6.1 available at:
http://prdownloads.sourceforge.net/optipng/optipng-0.6.1.1.diff?download

Impact: arbitrary code execution (from Secunia advisory)

Could you please allocate a new CVE id for this issue?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team