PublicDateAtUSN: 2016-04-13
Candidate: CVE-2016-3981
PublicDate: 2016-04-13 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3981
 http://www.debian.org/security/2016/dsa-3546
 https://ubuntu.com/security/notices/USN-2951-1
Description:
 Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in
 OptiPNG before 0.7.6 allows remote attackers to cause a denial of service
 (out-of-bounds read or write access and crash) or possibly execute
 arbitrary code via a crafted image file.
Ubuntu-Description:
Notes:
 tyhicks> verified that 14.04 through 15.10 are affected via valgrind and
  the reproducer from bugs.fi
Bugs:
 https://sourceforge.net/p/optipng/bugs/56/
 http://bugs.fi/media/afl/optipng/1/
Priority: medium
Discovered-by: Henri Salo
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_optipng:
upstream_optipng: released (0.7.6-1)
precise_optipng: released (0.6.4-1ubuntu0.12.04.1)
trusty_optipng: released (0.6.4-1ubuntu0.14.04.1)
trusty/esm_optipng: DNE (trusty was released [0.6.4-1ubuntu0.14.04.1])
vivid/stable-phone-overlay_optipng: DNE
vivid/ubuntu-core_optipng: DNE
wily_optipng: released (0.7.5-1ubuntu0.1)
devel_optipng: not-affected (0.7.6-1)