1
PublicDateAtUSN: 2016-04-13
2
Candidate: CVE-2016-3982
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3982
6
http://www.debian.org/security/2016/dsa-3546
7
https://usn.ubuntu.com/usn/usn-2951-1
9
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG
10
before 0.7.6 allows remote attackers to cause a denial of service
11
(out-of-bounds read or write access and crash) or possibly execute
12
arbitrary code via a crafted image file, which triggers a heap-based buffer
16
tyhicks> verified that 14.04 through 15.10 are affected via valgrind and
17
the reproducer from bugs.fi
19
https://sourceforge.net/p/optipng/bugs/57/
20
http://bugs.fi/media/afl/optipng/2/
22
Discovered-by: Henri Salo
26
upstream_optipng: released (0.7.6-1)
27
precise_optipng: released (0.6.4-1ubuntu0.12.04.1)
28
trusty_optipng: released (0.6.4-1ubuntu0.14.04.1)
29
vivid/stable-phone-overlay_optipng: DNE
30
vivid/ubuntu-core_optipng: DNE
31
wily_optipng: released (0.7.5-1ubuntu0.1)
32
devel_optipng: not-affected (0.7.6-1)