
CVE-2017-1000229

Published: 17 November 2017

Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: optipng (Launchpad, Ubuntu, Debian)

Release and status:
Upstream: Needs triage
Ubuntu 16.04 ESM (Xenial Xerus): Released (0.7.6-1ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [0.6.4-1ubuntu0.14.04.2])
Patches:
Other: https://sourceforge.net/p/optipng/bugs/65/#f6bb