CVE-2015-7802 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Optipng

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

5.5MEDIUMNVD

OSV8.8

EPSS

0.4%

top 38.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Optipng Project Optipng Canonical Ubuntu Linux

Timeline

PublishedApr 20

Latest updateMay 14

Description

gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianoptipng_project/optipng< 0.7.6-1+3

▶Ubuntuoptipng_project/optipng< 0.6.4-1ubuntu0.14.04.1

▶NVDoptipng_project/optipng0.7.5

Also affects: Ubuntu Linux 12.04, 14.04, 15.10

🔴Vulnerability Details

GHSA

GHSA-3c85-4h37-m8ww: gifread↗2022-05-14

▶

OSV

CVE-2015-7802: gifread↗2016-04-20

▶

CVEList

CVE-2015-7802: gifread↗2016-04-20

▶

OSV

optipng vulnerabilities↗2016-04-18

▶

📋Vendor Advisories

Ubuntu

OptiPNG vulnerabilities↗2016-04-18

▶

Red Hat

optipng: Buffer overflow in global memory↗2015-09-23

▶

Debian

CVE-2015-7802: optipng - gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers t...↗2015

▶

💬Community

Bugzilla

CVE-2015-7802 optipng: Buffer overflow in global memory↗2015-09-24

▶