FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

optipng -- arbitrary code execution via crafted BMP image

Affected packages
optipng < 0.6.2

Details

VuXML ID 2bc960c4-e665-11dd-afcd-00e0815b8da8
Discovery 2008-11-11
Entry 2009-01-19

Secunia reports:

A vulnerability has been reported in OptiPNG, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the BMP reader and can be exploited to cause a buffer overflow by tricking a user into processing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

[source]

References

CVE Name CVE-2008-5101
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399
URL http://optipng.sourceforge.net/
URL http://secunia.com/advisories/32651

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.