From 92eb83fbc39485f3b9e9b6dd971a14c6a2738ac7 Mon Sep 17 00:00:00 2001 From: wxs Date: Mon, 19 Jan 2009 20:21:31 +0000 Subject: - Document graphics/optipng buffer overflow PR: ports/129072 Submitted by: Eygene Ryabinkin --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ca7ac7dfb21d..925bf39486cc 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,42 @@ Note: Please add new entries to the beginning of this file. --> + + optipng -- arbitrary code execution via crafted BMP image + + + optipng + 0.6.2 + + + + +

Secunia reports:

+
A vulnerability has been reported in OptiPNG, which + potentially can be exploited by malicious people to compromise + a user's system.
+
The vulnerability is caused due to a boundary error in + the BMP reader and can be exploited to cause a buffer + overflow by tricking a user into processing a specially + crafted file.
+
Successful exploitation may allow execution of arbitrary + code.
+

+ + + + CVE-2008-5101 + http://secunia.com/advisories/32651 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399 + http://optipng.sourceforge.net/ + + + 2008-11-11 + 2009-01-19 + + + git -- gitweb privilege escalation -- cgit