CVE-2016-3982 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Optipng
Severity
8.8HIGHNVD
EPSS
2.2%
top 15.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 13
Latest updateMay 14
Description
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.10