oss-sec mailing list archives

CVE Request -- OptiPNG


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 12 Nov 2008 12:42:05 +0100

Hello Steve,

  OptiPNG upstream has released a new version, fixing, among others,
one security issue -- a buffer overflow present in the reader responsible
for BMP image handling.

References:
http://sourceforge.net/project/shownotes.php?release_id=639631&group_id=151404
http://secunia.com/Advisories/32651/
http://www.frsirt.com/english/advisories/2008/3108/references
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399
http://optipng.sourceforge.net/

Affected versions: all prior to 0.6.2. (from Secunia advisory)

Proposed solution:

Upgrade to 0.6.2, or apply the security patch against 0.6.1 available at:
http://prdownloads.sourceforge.net/optipng/optipng-0.6.1.1.diff?download

Impact: arbitrary code execution (from Secunia advisory)

Could you please allocate a new CVE id for this issue?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

