The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| canonical | ubuntu_linux | 12.04 |
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 15.04 |
| optipng | optipng | 0.7.2 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |