CVE-2023-43907: OptiPNG Home Page

OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the ‘buffer’ variable at gifread.c.


OptiPNG: Advanced PNG Optimizer

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats (BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks and corrections.
If you wish to learn how PNG optimization works, or to know about other similar tools, see the PNG-Tech article A guide to PNG optimization.

IMPORTANT UPGRADE
See the Security Information section below.

Download

  • OptiPNG 0.7.7 (stable)

  • OptiPNG Hg (experimental development, DISCONTINUED)

Security information

You are strongly encouraged to upgrade to the latest version 0.7.7.

Here is a list of security-sensitive issues that affect the previous versions:

  • Joonun Jang reported a buffer overflow vulnerability in the GIF decoder, discovered by a fuzzer developed by the SoftSec group at KAIST. All versions prior to 0.7.7 that support GIF files (i.e. from version 0.5 to version 0.7.6) are affected.

  • Jaeseung Choi reported an integer overflow vulnerability in the TIFF decoder. All versions prior to 0.7.7 that support TIFF files (i.e. from version 0.5.3 to version 0.7.6) are affected.

  • Henri Salo and Hans Jerry Illikainen reported two vulnerabilities in the compressed BMP decoder, discovered by using the American Fuzzy Lop. All versions prior to 0.7.6 that support compressed BMP files (i.e. from version 0.6 to version 0.7.5) are affected.

  • Gynvael Coldwind and Mateusz Jurczyk reported a use-after-free vulnerability in the palette reduction code, affecting the versions 0.7, 0.7.1 and 0.7.2, partially fixed in version 0.7.3, and fully fixed in version 0.7.4.
