CVE-2016-3982 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2016-3982?

CVE-2016-3982 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-3982?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Debian Debian Linux, Optipng Project Optipng, Canonical Ubuntu Linux.

Vulnerability Description

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opensuse	Leap	42.1
Opensuse	Opensuse	13.2
Debian	Debian Linux	7.0
Optipng Project	Optipng	<= 0.7.5
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-119

References

http://bugs.fi/media/afl/optipng/2/Issue Tracking
http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3546Third Party Advisory
http://www.ubuntu.com/usn/USN-2951-1Third Party Advisory
https://security.gentoo.org/glsa/201608-01
https://sourceforge.net/p/optipng/bugs/57/PatchVendor Advisory
http://bugs.fi/media/afl/optipng/2/Issue Tracking
http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3546Third Party Advisory
http://www.ubuntu.com/usn/USN-2951-1Third Party Advisory
https://security.gentoo.org/glsa/201608-01
https://sourceforge.net/p/optipng/bugs/57/PatchVendor Advisory

FAQ

What is CVE-2016-3982?

CVE-2016-3982 is a vulnerability with a CVSS score of 8.8 (HIGH). Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly ex...

How severe is CVE-2016-3982?

CVE-2016-3982 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-3982?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Debian Debian Linux, Optipng Project Optipng, Canonical Ubuntu Linux.