Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    16 vulnerabilities by optipng_project

    CVE-2023-43907 (GCVE-0-2023-43907)

    Vulnerability from nvd – Published: 2023-10-01 00:00 – Updated: 2024-09-23 16:45
    VLAI
    Summary
    OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://optipng.sourceforge.net/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain\u0026download="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md"
              },
              {
                "name": "FEDORA-2023-f3389245ce",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBHVG5LDE2K3FZSIK4XFXOUXSE7NZ5JH/"
              },
              {
                "name": "FEDORA-2023-ae05c3bca8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCG5CMDT37WCZGAWQNOIPVP4VHGCPUU3/"
              },
              {
                "name": "FEDORA-2023-125037736c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAB22JXDE7O27DYARZXC7PFUETM5OOT5/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43907",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T16:42:08.774710Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T16:45:51.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the \u0027buffer\u0027 variable at gifread.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T03:07:20.895Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://optipng.sourceforge.net/"
            },
            {
              "url": "https://sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain\u0026download="
            },
            {
              "url": "https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md"
            },
            {
              "name": "FEDORA-2023-f3389245ce",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBHVG5LDE2K3FZSIK4XFXOUXSE7NZ5JH/"
            },
            {
              "name": "FEDORA-2023-ae05c3bca8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCG5CMDT37WCZGAWQNOIPVP4VHGCPUU3/"
            },
            {
              "name": "FEDORA-2023-125037736c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAB22JXDE7O27DYARZXC7PFUETM5OOT5/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-43907",
        "datePublished": "2023-10-01T00:00:00.000Z",
        "dateReserved": "2023-09-25T00:00:00.000Z",
        "dateUpdated": "2024-09-23T16:45:51.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16938 (GCVE-0-2017-16938)

    Vulnerability from nvd – Published: 2017-11-24 07:00 – Updated: 2024-08-05 20:43
    VLAI
    Summary
    A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2017… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2017/dsa-4058 vendor-advisoryx_refsource_DEBIAN
    https://sourceforge.net/p/optipng/bugs/69/ x_refsource_MISC
    https://security.gentoo.org/glsa/201801-02 vendor-advisoryx_refsource_GENTOO
    Date Public
    2017-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:43:57.855Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1196-1] optipng security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00042.html"
              },
              {
                "name": "DSA-4058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-4058"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/69/"
              },
              {
                "name": "GLSA-201801-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201801-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-02T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1196-1] optipng security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00042.html"
            },
            {
              "name": "DSA-4058",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-4058"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/69/"
            },
            {
              "name": "GLSA-201801-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201801-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-16938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1196-1] optipng security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00042.html"
                },
                {
                  "name": "DSA-4058",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-4058"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/69/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/optipng/bugs/69/"
                },
                {
                  "name": "GLSA-201801-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201801-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-16938",
        "datePublished": "2017-11-24T07:00:00.000Z",
        "dateReserved": "2017-11-24T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:43:57.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1000229 (GCVE-0-2017-1000229)

    Vulnerability from nvd – Published: 2017-11-17 05:00 – Updated: 2024-08-05 21:53
    VLAI
    Summary
    Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2017… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2017/dsa-4058 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201801-02 vendor-advisoryx_refsource_GENTOO
    https://sourceforge.net/p/optipng/bugs/65/ x_refsource_MISC
    Date Public
    2017-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:53:07.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"
              },
              {
                "name": "DSA-4058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-4058"
              },
              {
                "name": "GLSA-201801-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201801-02"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/65/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-08-22T00:00:00.000Z",
          "datePublic": "2017-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-02T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"
            },
            {
              "name": "DSA-4058",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-4058"
            },
            {
              "name": "GLSA-201801-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201801-02"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/65/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-08-22T17:29:33.458408",
              "ID": "CVE-2017-1000229",
              "REQUESTER": "jschoi.2022@gmail.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"
                },
                {
                  "name": "DSA-4058",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-4058"
                },
                {
                  "name": "GLSA-201801-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201801-02"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/65/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/optipng/bugs/65/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000229",
        "datePublished": "2017-11-17T05:00:00.000Z",
        "dateReserved": "2017-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:53:07.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7802 (GCVE-0-2015-7802)

    Vulnerability from nvd – Published: 2016-04-20 16:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://optipng.sourceforge.net/history.txt x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2951-1 vendor-advisoryx_refsource_UBUNTU
    https://sourceforge.net/p/optipng/bugs/53/ x_refsource_CONFIRM
    Date Public
    2016-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://optipng.sourceforge.net/history.txt"
              },
              {
                "name": "USN-2951-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2951-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/53/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://optipng.sourceforge.net/history.txt"
            },
            {
              "name": "USN-2951-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2951-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/53/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7802",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://optipng.sourceforge.net/history.txt",
                  "refsource": "CONFIRM",
                  "url": "http://optipng.sourceforge.net/history.txt"
                },
                {
                  "name": "USN-2951-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2951-1"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/53/",
                  "refsource": "CONFIRM",
                  "url": "https://sourceforge.net/p/optipng/bugs/53/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7802",
        "datePublished": "2016-04-20T16:00:00.000Z",
        "dateReserved": "2015-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7801 (GCVE-0-2015-7801)

    Vulnerability from nvd – Published: 2016-04-20 16:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2015/09/16/1 mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1264015 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2951-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2015-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20150916 CVE Request: Use-after-free in optipng 0.6.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264015"
              },
              {
                "name": "USN-2951-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2951-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20150916 CVE Request: Use-after-free in optipng 0.6.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264015"
            },
            {
              "name": "USN-2951-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2951-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7801",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20150916 CVE Request: Use-after-free in optipng 0.6.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/16/1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264015",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264015"
                },
                {
                  "name": "USN-2951-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2951-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7801",
        "datePublished": "2016-04-20T16:00:00.000Z",
        "dateReserved": "2015-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3982 (GCVE-0-2016-3982)

    Vulnerability from nvd – Published: 2016-04-13 16:00 – Updated: 2024-08-06 00:10
    VLAI
    Summary
    Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3546 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2951-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201608-01 vendor-advisoryx_refsource_GENTOO
    http://bugs.fi/media/afl/optipng/2/ x_refsource_MISC
    https://sourceforge.net/p/optipng/bugs/57/ x_refsource_CONFIRM
    Date Public
    2016-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:10:31.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:1082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
              },
              {
                "name": "DSA-3546",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3546"
              },
              {
                "name": "USN-2951-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2951-1"
              },
              {
                "name": "openSUSE-SU-2016:1078",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
              },
              {
                "name": "GLSA-201608-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201608-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.fi/media/afl/optipng/2/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/57/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:1082",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
            },
            {
              "name": "DSA-3546",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3546"
            },
            {
              "name": "USN-2951-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2951-1"
            },
            {
              "name": "openSUSE-SU-2016:1078",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
            },
            {
              "name": "GLSA-201608-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201608-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.fi/media/afl/optipng/2/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/57/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3982",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:1082",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
                },
                {
                  "name": "DSA-3546",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3546"
                },
                {
                  "name": "USN-2951-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2951-1"
                },
                {
                  "name": "openSUSE-SU-2016:1078",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
                },
                {
                  "name": "GLSA-201608-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201608-01"
                },
                {
                  "name": "http://bugs.fi/media/afl/optipng/2/",
                  "refsource": "MISC",
                  "url": "http://bugs.fi/media/afl/optipng/2/"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/57/",
                  "refsource": "CONFIRM",
                  "url": "https://sourceforge.net/p/optipng/bugs/57/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3982",
        "datePublished": "2016-04-13T16:00:00.000Z",
        "dateReserved": "2016-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:10:31.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3981 (GCVE-0-2016-3981)

    Vulnerability from nvd – Published: 2016-04-13 16:00 – Updated: 2024-08-06 00:10
    VLAI
    Summary
    Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.fi/media/afl/optipng/1/ x_refsource_MISC
    https://sourceforge.net/p/optipng/bugs/56/ x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3546 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2951-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201608-01 vendor-advisoryx_refsource_GENTOO
    Date Public
    2016-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:10:31.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.fi/media/afl/optipng/1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/56/"
              },
              {
                "name": "openSUSE-SU-2016:1082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
              },
              {
                "name": "DSA-3546",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3546"
              },
              {
                "name": "USN-2951-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2951-1"
              },
              {
                "name": "openSUSE-SU-2016:1078",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
              },
              {
                "name": "GLSA-201608-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201608-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.fi/media/afl/optipng/1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/56/"
            },
            {
              "name": "openSUSE-SU-2016:1082",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
            },
            {
              "name": "DSA-3546",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3546"
            },
            {
              "name": "USN-2951-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2951-1"
            },
            {
              "name": "openSUSE-SU-2016:1078",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
            },
            {
              "name": "GLSA-201608-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201608-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3981",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.fi/media/afl/optipng/1/",
                  "refsource": "MISC",
                  "url": "http://bugs.fi/media/afl/optipng/1/"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/56/",
                  "refsource": "CONFIRM",
                  "url": "https://sourceforge.net/p/optipng/bugs/56/"
                },
                {
                  "name": "openSUSE-SU-2016:1082",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
                },
                {
                  "name": "DSA-3546",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3546"
                },
                {
                  "name": "USN-2951-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2951-1"
                },
                {
                  "name": "openSUSE-SU-2016:1078",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
                },
                {
                  "name": "GLSA-201608-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201608-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3981",
        "datePublished": "2016-04-13T16:00:00.000Z",
        "dateReserved": "2016-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:10:31.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0749 (GCVE-0-2009-0749)

    Vulnerability from nvd – Published: 2009-03-02 20:00 – Updated: 2024-08-07 04:48
    VLAI
    Summary
    Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/34201 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/34259 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/34035 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/33873 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/0510 vdb-entryx_refsource_VUPEN
    http://optipng.sourceforge.net x_refsource_CONFIRM
    http://sourceforge.net/tracker/index.php?func=det… x_refsource_CONFIRM
    http://secunia.com/advisories/35685 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2009/02/24/2 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2009/02/25/4 mailing-listx_refsource_MLIST
    http://www.gentoo.org/security/en/glsa/glsa-20090… vendor-advisoryx_refsource_GENTOO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2009-02-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:48:51.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34201",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34201"
              },
              {
                "name": "34259",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34259"
              },
              {
                "name": "34035",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34035"
              },
              {
                "name": "33873",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33873"
              },
              {
                "name": "SUSE-SR:2009:006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
              },
              {
                "name": "ADV-2009-0510",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0510"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://optipng.sourceforge.net"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2582013\u0026group_id=151404\u0026atid=780913"
              },
              {
                "name": "35685",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35685"
              },
              {
                "name": "SUSE-SR:2009:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
              },
              {
                "name": "[oss-security] 20090224 CVE request: optipng security release",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/02/24/2"
              },
              {
                "name": "[oss-security] 20090225 Re: CVE request: optipng security release",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/02/25/4"
              },
              {
                "name": "GLSA-200903-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml"
              },
              {
                "name": "optipng-gifreadnextextension-code-execution(48879)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34201",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34201"
            },
            {
              "name": "34259",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34259"
            },
            {
              "name": "34035",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34035"
            },
            {
              "name": "33873",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33873"
            },
            {
              "name": "SUSE-SR:2009:006",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
            },
            {
              "name": "ADV-2009-0510",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0510"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://optipng.sourceforge.net"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2582013\u0026group_id=151404\u0026atid=780913"
            },
            {
              "name": "35685",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35685"
            },
            {
              "name": "SUSE-SR:2009:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
            },
            {
              "name": "[oss-security] 20090224 CVE request: optipng security release",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/02/24/2"
            },
            {
              "name": "[oss-security] 20090225 Re: CVE request: optipng security release",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/02/25/4"
            },
            {
              "name": "GLSA-200903-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml"
            },
            {
              "name": "optipng-gifreadnextextension-code-execution(48879)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0749",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34201",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34201"
                },
                {
                  "name": "34259",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34259"
                },
                {
                  "name": "34035",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34035"
                },
                {
                  "name": "33873",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33873"
                },
                {
                  "name": "SUSE-SR:2009:006",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
                },
                {
                  "name": "ADV-2009-0510",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0510"
                },
                {
                  "name": "http://optipng.sourceforge.net",
                  "refsource": "CONFIRM",
                  "url": "http://optipng.sourceforge.net"
                },
                {
                  "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2582013\u0026group_id=151404\u0026atid=780913",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2582013\u0026group_id=151404\u0026atid=780913"
                },
                {
                  "name": "35685",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35685"
                },
                {
                  "name": "SUSE-SR:2009:012",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
                },
                {
                  "name": "[oss-security] 20090224 CVE request: optipng security release",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/02/24/2"
                },
                {
                  "name": "[oss-security] 20090225 Re: CVE request: optipng security release",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/02/25/4"
                },
                {
                  "name": "GLSA-200903-12",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml"
                },
                {
                  "name": "optipng-gifreadnextextension-code-execution(48879)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0749",
        "datePublished": "2009-03-02T20:00:00.000Z",
        "dateReserved": "2009-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:48:51.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43907 (GCVE-0-2023-43907)

    Vulnerability from cvelistv5 – Published: 2023-10-01 00:00 – Updated: 2024-09-23 16:45
    VLAI
    Summary
    OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://optipng.sourceforge.net/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain\u0026download="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md"
              },
              {
                "name": "FEDORA-2023-f3389245ce",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBHVG5LDE2K3FZSIK4XFXOUXSE7NZ5JH/"
              },
              {
                "name": "FEDORA-2023-ae05c3bca8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCG5CMDT37WCZGAWQNOIPVP4VHGCPUU3/"
              },
              {
                "name": "FEDORA-2023-125037736c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAB22JXDE7O27DYARZXC7PFUETM5OOT5/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43907",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T16:42:08.774710Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T16:45:51.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the \u0027buffer\u0027 variable at gifread.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T03:07:20.895Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://optipng.sourceforge.net/"
            },
            {
              "url": "https://sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain\u0026download="
            },
            {
              "url": "https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md"
            },
            {
              "name": "FEDORA-2023-f3389245ce",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBHVG5LDE2K3FZSIK4XFXOUXSE7NZ5JH/"
            },
            {
              "name": "FEDORA-2023-ae05c3bca8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCG5CMDT37WCZGAWQNOIPVP4VHGCPUU3/"
            },
            {
              "name": "FEDORA-2023-125037736c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAB22JXDE7O27DYARZXC7PFUETM5OOT5/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-43907",
        "datePublished": "2023-10-01T00:00:00.000Z",
        "dateReserved": "2023-09-25T00:00:00.000Z",
        "dateUpdated": "2024-09-23T16:45:51.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16938 (GCVE-0-2017-16938)

    Vulnerability from cvelistv5 – Published: 2017-11-24 07:00 – Updated: 2024-08-05 20:43
    VLAI
    Summary
    A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2017… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2017/dsa-4058 vendor-advisoryx_refsource_DEBIAN
    https://sourceforge.net/p/optipng/bugs/69/ x_refsource_MISC
    https://security.gentoo.org/glsa/201801-02 vendor-advisoryx_refsource_GENTOO
    Date Public
    2017-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:43:57.855Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1196-1] optipng security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00042.html"
              },
              {
                "name": "DSA-4058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-4058"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/69/"
              },
              {
                "name": "GLSA-201801-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201801-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-02T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1196-1] optipng security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00042.html"
            },
            {
              "name": "DSA-4058",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-4058"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/69/"
            },
            {
              "name": "GLSA-201801-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201801-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-16938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1196-1] optipng security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00042.html"
                },
                {
                  "name": "DSA-4058",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-4058"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/69/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/optipng/bugs/69/"
                },
                {
                  "name": "GLSA-201801-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201801-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-16938",
        "datePublished": "2017-11-24T07:00:00.000Z",
        "dateReserved": "2017-11-24T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:43:57.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1000229 (GCVE-0-2017-1000229)

    Vulnerability from cvelistv5 – Published: 2017-11-17 05:00 – Updated: 2024-08-05 21:53
    VLAI
    Summary
    Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2017… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2017/dsa-4058 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201801-02 vendor-advisoryx_refsource_GENTOO
    https://sourceforge.net/p/optipng/bugs/65/ x_refsource_MISC
    Date Public
    2017-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:53:07.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"
              },
              {
                "name": "DSA-4058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-4058"
              },
              {
                "name": "GLSA-201801-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201801-02"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/65/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-08-22T00:00:00.000Z",
          "datePublic": "2017-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-02T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"
            },
            {
              "name": "DSA-4058",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-4058"
            },
            {
              "name": "GLSA-201801-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201801-02"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/65/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-08-22T17:29:33.458408",
              "ID": "CVE-2017-1000229",
              "REQUESTER": "jschoi.2022@gmail.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"
                },
                {
                  "name": "DSA-4058",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-4058"
                },
                {
                  "name": "GLSA-201801-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201801-02"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/65/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/optipng/bugs/65/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000229",
        "datePublished": "2017-11-17T05:00:00.000Z",
        "dateReserved": "2017-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:53:07.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7801 (GCVE-0-2015-7801)

    Vulnerability from cvelistv5 – Published: 2016-04-20 16:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2015/09/16/1 mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1264015 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2951-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2015-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20150916 CVE Request: Use-after-free in optipng 0.6.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264015"
              },
              {
                "name": "USN-2951-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2951-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20150916 CVE Request: Use-after-free in optipng 0.6.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264015"
            },
            {
              "name": "USN-2951-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2951-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7801",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20150916 CVE Request: Use-after-free in optipng 0.6.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/16/1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264015",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264015"
                },
                {
                  "name": "USN-2951-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2951-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7801",
        "datePublished": "2016-04-20T16:00:00.000Z",
        "dateReserved": "2015-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7802 (GCVE-0-2015-7802)

    Vulnerability from cvelistv5 – Published: 2016-04-20 16:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://optipng.sourceforge.net/history.txt x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2951-1 vendor-advisoryx_refsource_UBUNTU
    https://sourceforge.net/p/optipng/bugs/53/ x_refsource_CONFIRM
    Date Public
    2016-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://optipng.sourceforge.net/history.txt"
              },
              {
                "name": "USN-2951-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2951-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/53/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://optipng.sourceforge.net/history.txt"
            },
            {
              "name": "USN-2951-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2951-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/53/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7802",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://optipng.sourceforge.net/history.txt",
                  "refsource": "CONFIRM",
                  "url": "http://optipng.sourceforge.net/history.txt"
                },
                {
                  "name": "USN-2951-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2951-1"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/53/",
                  "refsource": "CONFIRM",
                  "url": "https://sourceforge.net/p/optipng/bugs/53/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7802",
        "datePublished": "2016-04-20T16:00:00.000Z",
        "dateReserved": "2015-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3982 (GCVE-0-2016-3982)

    Vulnerability from cvelistv5 – Published: 2016-04-13 16:00 – Updated: 2024-08-06 00:10
    VLAI
    Summary
    Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3546 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2951-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201608-01 vendor-advisoryx_refsource_GENTOO
    http://bugs.fi/media/afl/optipng/2/ x_refsource_MISC
    https://sourceforge.net/p/optipng/bugs/57/ x_refsource_CONFIRM
    Date Public
    2016-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:10:31.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:1082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
              },
              {
                "name": "DSA-3546",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3546"
              },
              {
                "name": "USN-2951-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2951-1"
              },
              {
                "name": "openSUSE-SU-2016:1078",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
              },
              {
                "name": "GLSA-201608-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201608-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.fi/media/afl/optipng/2/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/57/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:1082",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
            },
            {
              "name": "DSA-3546",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3546"
            },
            {
              "name": "USN-2951-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2951-1"
            },
            {
              "name": "openSUSE-SU-2016:1078",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
            },
            {
              "name": "GLSA-201608-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201608-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.fi/media/afl/optipng/2/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/57/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3982",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:1082",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
                },
                {
                  "name": "DSA-3546",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3546"
                },
                {
                  "name": "USN-2951-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2951-1"
                },
                {
                  "name": "openSUSE-SU-2016:1078",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
                },
                {
                  "name": "GLSA-201608-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201608-01"
                },
                {
                  "name": "http://bugs.fi/media/afl/optipng/2/",
                  "refsource": "MISC",
                  "url": "http://bugs.fi/media/afl/optipng/2/"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/57/",
                  "refsource": "CONFIRM",
                  "url": "https://sourceforge.net/p/optipng/bugs/57/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3982",
        "datePublished": "2016-04-13T16:00:00.000Z",
        "dateReserved": "2016-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:10:31.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3981 (GCVE-0-2016-3981)

    Vulnerability from cvelistv5 – Published: 2016-04-13 16:00 – Updated: 2024-08-06 00:10
    VLAI
    Summary
    Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.fi/media/afl/optipng/1/ x_refsource_MISC
    https://sourceforge.net/p/optipng/bugs/56/ x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3546 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2951-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201608-01 vendor-advisoryx_refsource_GENTOO
    Date Public
    2016-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:10:31.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.fi/media/afl/optipng/1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/optipng/bugs/56/"
              },
              {
                "name": "openSUSE-SU-2016:1082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
              },
              {
                "name": "DSA-3546",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3546"
              },
              {
                "name": "USN-2951-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2951-1"
              },
              {
                "name": "openSUSE-SU-2016:1078",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
              },
              {
                "name": "GLSA-201608-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201608-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.fi/media/afl/optipng/1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://sourceforge.net/p/optipng/bugs/56/"
            },
            {
              "name": "openSUSE-SU-2016:1082",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
            },
            {
              "name": "DSA-3546",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3546"
            },
            {
              "name": "USN-2951-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2951-1"
            },
            {
              "name": "openSUSE-SU-2016:1078",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
            },
            {
              "name": "GLSA-201608-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201608-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3981",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.fi/media/afl/optipng/1/",
                  "refsource": "MISC",
                  "url": "http://bugs.fi/media/afl/optipng/1/"
                },
                {
                  "name": "https://sourceforge.net/p/optipng/bugs/56/",
                  "refsource": "CONFIRM",
                  "url": "https://sourceforge.net/p/optipng/bugs/56/"
                },
                {
                  "name": "openSUSE-SU-2016:1082",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"
                },
                {
                  "name": "DSA-3546",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3546"
                },
                {
                  "name": "USN-2951-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2951-1"
                },
                {
                  "name": "openSUSE-SU-2016:1078",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"
                },
                {
                  "name": "GLSA-201608-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201608-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3981",
        "datePublished": "2016-04-13T16:00:00.000Z",
        "dateReserved": "2016-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:10:31.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0749 (GCVE-0-2009-0749)

    Vulnerability from cvelistv5 – Published: 2009-03-02 20:00 – Updated: 2024-08-07 04:48
    VLAI
    Summary
    Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/34201 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/34259 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/34035 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/33873 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/0510 vdb-entryx_refsource_VUPEN
    http://optipng.sourceforge.net x_refsource_CONFIRM
    http://sourceforge.net/tracker/index.php?func=det… x_refsource_CONFIRM
    http://secunia.com/advisories/35685 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2009/02/24/2 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2009/02/25/4 mailing-listx_refsource_MLIST
    http://www.gentoo.org/security/en/glsa/glsa-20090… vendor-advisoryx_refsource_GENTOO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2009-02-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:48:51.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34201",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34201"
              },
              {
                "name": "34259",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34259"
              },
              {
                "name": "34035",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34035"
              },
              {
                "name": "33873",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33873"
              },
              {
                "name": "SUSE-SR:2009:006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
              },
              {
                "name": "ADV-2009-0510",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0510"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://optipng.sourceforge.net"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2582013\u0026group_id=151404\u0026atid=780913"
              },
              {
                "name": "35685",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35685"
              },
              {
                "name": "SUSE-SR:2009:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
              },
              {
                "name": "[oss-security] 20090224 CVE request: optipng security release",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/02/24/2"
              },
              {
                "name": "[oss-security] 20090225 Re: CVE request: optipng security release",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/02/25/4"
              },
              {
                "name": "GLSA-200903-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml"
              },
              {
                "name": "optipng-gifreadnextextension-code-execution(48879)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34201",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34201"
            },
            {
              "name": "34259",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34259"
            },
            {
              "name": "34035",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34035"
            },
            {
              "name": "33873",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33873"
            },
            {
              "name": "SUSE-SR:2009:006",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
            },
            {
              "name": "ADV-2009-0510",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0510"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://optipng.sourceforge.net"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2582013\u0026group_id=151404\u0026atid=780913"
            },
            {
              "name": "35685",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35685"
            },
            {
              "name": "SUSE-SR:2009:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
            },
            {
              "name": "[oss-security] 20090224 CVE request: optipng security release",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/02/24/2"
            },
            {
              "name": "[oss-security] 20090225 Re: CVE request: optipng security release",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/02/25/4"
            },
            {
              "name": "GLSA-200903-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml"
            },
            {
              "name": "optipng-gifreadnextextension-code-execution(48879)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0749",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34201",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34201"
                },
                {
                  "name": "34259",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34259"
                },
                {
                  "name": "34035",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34035"
                },
                {
                  "name": "33873",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33873"
                },
                {
                  "name": "SUSE-SR:2009:006",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
                },
                {
                  "name": "ADV-2009-0510",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0510"
                },
                {
                  "name": "http://optipng.sourceforge.net",
                  "refsource": "CONFIRM",
                  "url": "http://optipng.sourceforge.net"
                },
                {
                  "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2582013\u0026group_id=151404\u0026atid=780913",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2582013\u0026group_id=151404\u0026atid=780913"
                },
                {
                  "name": "35685",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35685"
                },
                {
                  "name": "SUSE-SR:2009:012",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
                },
                {
                  "name": "[oss-security] 20090224 CVE request: optipng security release",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/02/24/2"
                },
                {
                  "name": "[oss-security] 20090225 Re: CVE request: optipng security release",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/02/25/4"
                },
                {
                  "name": "GLSA-200903-12",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml"
                },
                {
                  "name": "optipng-gifreadnextextension-code-execution(48879)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0749",
        "datePublished": "2009-03-02T20:00:00.000Z",
        "dateReserved": "2009-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:48:51.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }