FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

optipng -- arbitrary code execution via crafted BMP image

Affected packages
optipng < 0.6.2

Details

VuXML ID 2bc960c4-e665-11dd-afcd-00e0815b8da8
Discovery 2008-11-11
Entry 2009-01-19

Secunia reports:

A vulnerability has been reported in OptiPNG, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the BMP reader and can be exploited to cause a buffer overflow by tricking a user into processing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

References

CVE Name CVE-2008-5101
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399
URL http://optipng.sourceforge.net/
URL http://secunia.com/advisories/32651