CVE-2017-1000229: Integer Overflow or Wraparound in Project Optipng

Severity: 7.8 HIGH (NVD)
EPSS: 0.4% (top 41.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 17; Latest update May 14

Description

Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Debian optipng_project/optipng < 0.7.6-1.1+3

Also affects: Debian Linux 7.0, 8.0, 9.0

Vulnerability Details (3)

GHSA
GHSA-jv9j-wgx3-2884: Integer overflow bug in function minitiff_read_info() of optipng 0 (2022-05-14)
CVEList
CVE-2017-1000229: Integer overflow bug in function minitiff_read_info() of optipng 0 (2017-11-17)
OSV
CVE-2017-1000229: Integer overflow bug in function minitiff_read_info() of optipng 0 (2017-11-17)

Vendor Advisories (3)

Red Hat
optipng: integer overflow in tiffread.c:minitiff_read_info() leading to denial of service (2017-12-04)
Ubuntu
OptiPNG vulnerability (2017-11-27)
Debian
CVE-2017-1000229: optipng - Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an... (2017)

Community (2)

Bugzilla
CVE-2017-1000229 optipng: integer overflow in tiffread.c:minitiff_read_info() leading to denial of service [fedora-all] (2017-12-04)
Bugzilla
CVE-2017-1000229 optipng: integer overflow in tiffread.c:minitiff_read_info() leading to denial of service (2017-12-04)
CVE-2017-1000229 — Integer Overflow or Wraparound | cvebase