CVE-2008-5101
Published 2008-11-17
CVE-2008-5101: Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an…
Priority P339 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS 4.02% (89.3th percentile)
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | optipng | < optipng 0.6.1.1-1 (bookworm) | optipng 0.6.1.1-1 (bookworm) |
| optipng | optipng | — | — |
| optipng | optipng | — | — |
| optipng_project | optipng | >= 0 < 0.6.1.1-1 | 0.6.1.1-1 |
| optipng_project | optipng | >= 0 < 0.6.1.1-1 | 0.6.1.1-1 |
| optipng_project | optipng | >= 0 < 0.6.1.1-1 | 0.6.1.1-1 |
| optipng_project | optipng | >= 0 < 0.6.1.1-1 | 0.6.1.1-1 |
CVSS provenance
nvd·v2.0·9.3·CRITICAL·AV:N/AC:M/Au:N/C:C/I:C/A:C
osv·9.3·CRITICAL
vendor_debian·9.3·CRITICAL
vendor_redhat·9.3·CRITICAL
GHSA
GHSA-cjj9-29x7-jq96: Buffer overflow in the BMP reader in OptiPNG 0
ghsa_unreviewed·2022-05-17
CVE-2008-5101 [HIGH] CWE-119 GHSA-cjj9-29x7-jq96: Buffer overflow in the BMP reader in OptiPNG 0
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."
OSV
CVE-2008-5101: Buffer overflow in the BMP reader in OptiPNG 0
osv·2008-11-17·CVSS 9.3
CVE-2008-5101 [CRITICAL] CVE-2008-5101: Buffer overflow in the BMP reader in OptiPNG 0
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."
Red Hat
OptiPNG: Buffer overflow in BMP image handling reader
vendor_redhat·2008-10-09·CVSS 9.3
CVE-2008-5101 [CRITICAL] OptiPNG: Buffer overflow in BMP image handling reader
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."
Debian
CVE-2008-5101: optipng - Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted ...
vendor_debian·2008·CVSS 9.3
CVE-2008-5101 [CRITICAL] CVE-2008-5101: optipng - Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted ...
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."
Scope: local
bookworm: resolved (fixed in 0.6.1.1-1)
bullseye: resolved (fixed in 0.6.1.1-1)
forky: resolved (fixed in 0.6.1.1-1)
sid: resolved (fixed in 0.6.1.1-1)
trixie: resolved (fixed in 0.6.1.1-1)
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://openwall.com/lists/oss-security/2008/11/12/1
http://optipng.sourceforge.net/
http://prdownloads.sourceforge.net/optipng/optipng-0.6.1.1.diff?download
http://secunia.com/advisories/32651
http://secunia.com/advisories/34259
http://security.gentoo.org/glsa/glsa-200812-01.xml
http://sourceforge.net/project/shownotes.php?release_id=639631&group_id=151404
http://www.securityfocus.com/bid/32248
http://www.vupen.com/english/advisories/2008/3108
https://exchange.xforce.ibmcloud.com/vulnerabilities/46519