CVE-2015-7802
Published 2016-04-20
CVE-2015-7802: gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
Priority P4 · 19 · medium · 5.5 · CVSS 3.0
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 1.56% (72.2th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | optipng | < optipng 0.7.6-1 (bookworm) | optipng 0.7.6-1 (bookworm) |
| optipng_project | optipng | — | — |
| optipng_project | optipng | >= 0 < 0.7.6-1 | 0.7.6-1 |
| optipng_project | optipng | >= 0 < 0.7.6-1 | 0.7.6-1 |
| optipng_project | optipng | >= 0 < 0.7.6-1 | 0.7.6-1 |
| optipng_project | optipng | >= 0 < 0.7.6-1 | 0.7.6-1 |
| optipng_project | optipng | >= 0 < 0.6.4-1ubuntu0.14.04.1 | 0.6.4-1ubuntu0.14.04.1 |
CVSS provenance
nvd · v3.0 · 5.5 MEDIUM · CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 8.8 HIGH
vendor_ubuntu · 8.8 HIGH
vendor_debian · 5.5 LOW
vendor_redhat · 5.5 MEDIUM
Ubuntu
OptiPNG vulnerabilities
vendor_ubuntu·2016-04-18·CVSS 8.8
CVE-2015-7801 [HIGH] OptiPNG vulnerabilities
Title: OptiPNG vulnerabilities
Summary: OptiPNG could be made to crash or run programs as your login if it opened a
specially crafted file.
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service. (CVE-2015-7801)
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service. (CVE-2015-7802)
Hans Jerry Illikainen discovered that OptiPNG incorrectly handled memory. A
remote attacker could use this issue with a specially crafted image file to
cause OptiPNG to crash, resulting in a denial of service, or possi
Red Hat
optipng: Buffer overflow in global memory
vendor_redhat·2015-09-23·CVSS 5.5
CVE-2015-7802 [MEDIUM] CWE-119 optipng: Buffer overflow in global memory
optipng: Buffer overflow in global memory
gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
Package: optipng (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2015-7802: optipng - gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers t...
vendor_debian·2015·CVSS 5.5
CVE-2015-7802 [MEDIUM] CVE-2015-7802: optipng - gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers t...
gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
Scope: local
bookworm: resolved (fixed in 0.7.6-1)
bullseye: resolved (fixed in 0.7.6-1)
forky: resolved (fixed in 0.7.6-1)
sid: resolved (fixed in 0.7.6-1)
trixie: resolved (fixed in 0.7.6-1)
GHSA
GHSA-3c85-4h37-m8ww: gifread
ghsa_unreviewed·2022-05-14
CVE-2015-7802 [MEDIUM] CWE-119 GHSA-3c85-4h37-m8ww: gifread
gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
OSV
CVE-2015-7802: gifread
osv·2016-04-20·CVSS 5.5
CVE-2015-7802 [MEDIUM] CVE-2015-7802: gifread
gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
OSV
optipng vulnerabilities
osv·2016-04-18·CVSS 8.8
CVE-2015-7801 [HIGH] optipng vulnerabilities
optipng vulnerabilities
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service. (CVE-2015-7801)
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service. (CVE-2015-7802)
Hans Jerry Illikainen discovered that OptiPNG incorrectly handled memory. A
remote attacker could use this issue with a specially crafted image file to
cause OptiPNG to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-2191)
Henri Salo discovered that OptiPNG incorrectly handled memory. A remote
No detection rules found.
No public exploits indexed.
Published: 2016-04-20