Package optipng updated to version 0.7.7-alt1 for branch sisyphus in task 208170.

Published: 2017-11-17
Modified: 2024-11-21

CVE-2017-1000229

Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update
[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update
GLSA-201801-02
GLSA-201801-02
https://sourceforge.net/p/optipng/bugs/65/
https://sourceforge.net/p/optipng/bugs/65/
DSA-4058
DSA-4058

Published: 2017-11-24
Modified: 2024-11-21

CVE-2017-16938

A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

[debian-lts-announce] 20171130 [SECURITY] [DLA 1196-1] optipng security update
[debian-lts-announce] 20171130 [SECURITY] [DLA 1196-1] optipng security update
GLSA-201801-02
GLSA-201801-02
https://sourceforge.net/p/optipng/bugs/69/
https://sourceforge.net/p/optipng/bugs/69/
DSA-4058
DSA-4058

Version: 2.1.0

Package optipng update in sisyphus on 2018-06-09

ALT-PU-2018-1888-1

Closed vulnerabilities

CVE-2017-1000229

CVE-2017-16938