CVE-2016-3982

Published: Apr 13, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

Affected (8)

Products: Opensuse: Leap, Opensuse · Debian: Debian Linux · Optipng Project: Optipng · +1 more

Show all products

Opensuse: Leap, Opensuse · Debian: Debian Linux · Optipng Project: Optipng · Canonical: Ubuntu Linux

2 products

1 product

Optipng Project

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Opensuse	Version 13.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Optipng Project Optipng	Up to 0.7.5

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (14)

http://bugs.fi/media/afl/optipng/2/

Source: cve@mitre.org

Issue Tracking

http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2016/dsa-3546

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2951-1

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201608-01

Source: cve@mitre.org

https://sourceforge.net/p/optipng/bugs/57/

Source: cve@mitre.org

PatchVendor Advisory

http://bugs.fi/media/afl/optipng/2/

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2016/dsa-3546

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ubuntu.com/usn/USN-2951-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201608-01

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceforge.net/p/optipng/bugs/57/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.