Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-43907

OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.

Published

2023-10-01T01:15:24.947

Last Modified

2024-11-21T08:24:59.807

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-120
Type: Secondary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	optipng_project	optipng	0.7.7	Yes

References

http://optipng.sourceforge.net/ Product ([email protected])
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md Exploit, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBHVG5LDE2K3FZSIK4XFXOUXSE7NZ5JH/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCG5CMDT37WCZGAWQNOIPVP4VHGCPUU3/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAB22JXDE7O27DYARZXC7PFUETM5OOT5/ ([email protected])
https://sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain&download= Product ([email protected])
http://optipng.sourceforge.net/ Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBHVG5LDE2K3FZSIK4XFXOUXSE7NZ5JH/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCG5CMDT37WCZGAWQNOIPVP4VHGCPUU3/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAB22JXDE7O27DYARZXC7PFUETM5OOT5/ (af854a3a-2127-422b-91ae-364da2661108)
https://sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain&download= Product (af854a3a-2127-422b-91ae-364da2661108)