cbcvebase.
CVE-2008-5101
published 2008-11-17

CVE-2008-5101: Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an…

PriorityP339critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
4.02%
89.3th percentile
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."

Affected

7 ranges
VendorProductVersion rangeFixed in
debianoptipng< optipng 0.6.1.1-1 (bookworm)optipng 0.6.1.1-1 (bookworm)
optipngoptipng
optipngoptipng
optipng_projectoptipng>= 0 < 0.6.1.1-10.6.1.1-1
optipng_projectoptipng>= 0 < 0.6.1.1-10.6.1.1-1
optipng_projectoptipng>= 0 < 0.6.1.1-10.6.1.1-1
optipng_projectoptipng>= 0 < 0.6.1.1-10.6.1.1-1

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.