ID CVE-2017-1000229
Summary Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
References
Vulnerable Configurations
  • cpe:2.3:a:optipng_project:optipng:0.7.6
    cpe:2.3:a:optipng_project:optipng:0.7.6
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1184.NASL
    description An integer overflow vulnerability was found in optipng, an advanced PNG optimizer that also recognizes other external file formats. This may lead to arbitrary code execution when a maliciously crafted TIFF file is processed. For Debian 7 'Wheezy', these problems have been fixed in version 0.6.4-1+deb7u3. We recommend that you upgrade your optipng packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-07-09
    plugin id 104721
    published 2017-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104721
    title Debian DLA-1184-1 : optipng security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201801-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201801-02 (OptiPNG: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OptiPNG. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to process a specially crafted image file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 105628
    published 2018-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105628
    title GLSA-201801-02 : OptiPNG: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1320.NASL
    description This update for optipng fixes the following issues : Security issue fixed : - CVE-2017-1000229: Fix integer overflow bug in function minitiff_read_info() allows an attacker to remotely execute code or cause denial of service (boo#1068720). - CVE-2017-16938: Fix a global buffer overflow that allows attackers to cause DoS via a maliciously crafted GIF file (bsc#1069774).
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 105220
    published 2017-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105220
    title openSUSE Security Update : optipng (openSUSE-2017-1320)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-018464CBF9.NASL
    description Security fix for CVE-2017-1000229 and CVE-2017-16938 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-02-01
    plugin id 105379
    published 2017-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105379
    title Fedora 26 : optipng (2017-018464cbf9)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-E56A2DDD09.NASL
    description Security fix for CVE-2017-1000229 and CVE-2017-16938 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-02-02
    plugin id 105990
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105990
    title Fedora 27 : optipng (2017-e56a2ddd09)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4058.NASL
    description Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.
    last seen 2018-11-14
    modified 2018-11-13
    plugin id 105119
    published 2017-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105119
    title Debian DSA-4058-1 : optipng - security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3495-1.NASL
    description It was discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-12-01
    plugin id 104810
    published 2017-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104810
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : optipng vulnerability (USN-3495-1)
refmap via4
debian DSA-4058
gentoo GLSA-201801-02
misc https://sourceforge.net/p/optipng/bugs/65/
mlist [debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update
Last major update 17-11-2017 - 00:29
Published 17-11-2017 - 00:29
Last modified 03-02-2018 - 21:29
Back to Top