Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21444
HistoryMar 09, 2009 - 12:00 a.m.

[ GLSA 200903-12 ] OptiPNG: User-assisted execution of arbitrary code

2009-03-0900:00:00
vulners.com
4
JSON

Gentoo Linux Security Advisory GLSA 200903-12

                                        http://security.gentoo.org/

Severity: Normal
Title: OptiPNG: User-assisted execution of arbitrary code
Date: March 09, 2009
Bugs: #260265
ID: 200903-12

Synopsis

A vulnerability in OptiPNG might result in user-assisted execution of
arbitrary code.

Background

OptiPNG is a PNG optimizer that recompresses image files to a smaller
size, without losing any information.

Affected packages

-------------------------------------------------------------------
 Package            /  Vulnerable  /                    Unaffected
-------------------------------------------------------------------

1 media-gfx/optipng < 0.6.2-r1 >= 0.6.2-r1

Description

Roy Tam reported a use-after-free vulnerability in the
GIFReadNextExtension() function in lib/pngxtern/gif/gifread.c leading
to a memory corruption when reading a GIF image.

Impact

A remote attacker could entice a user to process a specially crafted
GIF image, possibly resulting in the execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service.

Workaround

There is no known workaround at this time.

Resolution

All OptiPNG users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-gfx/optipng-0.6.2-r1&quot;

References

[ 1 ] CVE-2009-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0749

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200903-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Related

nessus 7
redhatcve 1
prion 1
openvas 10
debiancve 1
gentoo 1
securityvulns 1
cve 1
ubuntucve 1
nessus
nessus
GLSA-200903-12 : OptiPNG: User-assisted execution of arbitrary code
2009-03-10 00:00:00
openSUSE Security Update : optipng (optipng-972)
2009-07-21 00:00:00
openSUSE Security Update : optipng (optipng-972)
2009-07-21 00:00:00
redhatcve
redhatcve
CVE-2009-0749
2019-10-04 21:21:27
prion
prion
Design/Logic Flaw
2009-03-02 20:30:00
openvas
openvas
Fedora Core 10 FEDORA-2009-2100 (optipng)
2009-03-02 00:00:00
Gentoo Security Advisory GLSA 200903-12 (optipng)
2009-03-13 00:00:00
Fedora Core 9 FEDORA-2009-2098 (optipng)
2009-03-02 00:00:00
debiancve
debiancve
CVE-2009-0749
2009-03-02 20:30:00
gentoo
gentoo
OptiPNG: User-assisted execution of arbitrary code
2009-03-09 00:00:00
securityvulns
securityvulns
OptiPNG buffer overflow
2009-03-09 00:00:00
cve
cve
CVE-2009-0749
2009-03-02 20:30:00
ubuntucve
ubuntucve
CVE-2009-0749
2009-03-02 00:00:00
JSON
Related for SECURITYVULNS:DOC:21444
nessus7redhatcve1prion1openvas10debiancve1gentoo1securityvulns1cve1ubuntucve1