CVE-2008-5101

Upstream information

CVE-2008-5101 at MITRE

Description

Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 447453 [RESOLVED / FIXED]

SUSE Security Advisories:

• SUSE-SR:2009:006, published Tue, 10 Mar 2009 15:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.0	optipng-debuginfo >= 0.6.2-2.2 optipng-debugsource >= 0.6.2-2.2
openSUSE 11.0	optipng >= 0.6.2-2.2
openSUSE 11.1	optipng-debuginfo >= 0.6.1-10.3.1
openSUSE 11.1	optipng >= 0.6.1-10.3.1