FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

optipng -- arbitrary code execution via crafted BMP image

Affected packages
optipng < 0.6.2


VuXML ID 2bc960c4-e665-11dd-afcd-00e0815b8da8
Discovery 2008-11-11
Entry 2009-01-19

Secunia reports:

A vulnerability has been reported in OptiPNG, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the BMP reader and can be exploited to cause a buffer overflow by tricking a user into processing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.


CVE Name CVE-2008-5101