Home

CVE-2016-2191

Description

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.064

Associated Vulnerability

VulnerabilityOS Platform
optipng security update(DSA-3546-1) optipng_0.6.4-1+deb7u2_i386.debLinux
optipng security update(DSA-3546-1) optipng_0.7.5-1+deb8u1_i386.debLinux
optipng security update(DSA-3546-1) optipng_0.7.5-1+deb8u1_amd64.debLinux
optipng Security Update (ALAS-2019-1313) optipng-0.7.7-3.amzn2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234