{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://sourceforge.net/p/optipng/bugs/59/"}, {"name": "[oss-security] 20160404 CVE-2016-2191: optipng: invalid write", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/04/04/2"}, {"name": "openSUSE-SU-2016:1082", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"}, {"name": "DSA-3546", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3546"}, {"name": "USN-2951-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2951-1"}, {"name": "openSUSE-SU-2016:1078", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"}, {"name": "20160404 CVE-2016-2191: optipng: invalid write", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/537972/100/0/threaded"}, {"name": "20160404 CVE-2016-2191: optipng: invalid write", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Apr/15"}, {"name": "GLSA-201608-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201608-01"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:24:48.172Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceforge.net/p/optipng/bugs/59/"}, {"name": "[oss-security] 20160404 CVE-2016-2191: optipng: invalid write", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/04/04/2"}, {"name": "openSUSE-SU-2016:1082", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"}, {"name": "DSA-3546", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3546"}, {"name": "USN-2951-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2951-1"}, {"name": "openSUSE-SU-2016:1078", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"}, {"name": "20160404 CVE-2016-2191: optipng: invalid write", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/537972/100/0/threaded"}, {"name": "20160404 CVE-2016-2191: optipng: invalid write", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Apr/15"}, {"name": "GLSA-201608-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201608-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-2191", "datePublished": "2016-04-13T16:00:00.000Z", "dateReserved": "2016-01-29T00:00:00.000Z", "dateUpdated": "2024-08-05T23:24:48.172Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:optipng:optipng:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0E03C682-9693-4959-85D4-75E00A5C5EA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image."}, {"lang": "es", "value": "La funci\u00f3n bmp_read_rows en pngxtern/pngxrbmp.c en OptiPNG en versiones anteriores a 0.7.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura de memoria inv\u00e1lida y ca\u00edda) a trav\u00e9s de una serie de escapes delta en una imagen BMP manipulada."}], "id": "CVE-2016-2191", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-13T16:59:11.130", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Apr/15"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3546"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/04/04/2"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/537972/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2951-1"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201608-01"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://sourceforge.net/p/optipng/bugs/59/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Apr/15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3546"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/04/04/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/537972/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2951-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201608-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://sourceforge.net/p/optipng/bugs/59/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "optipng: Invalid write while processing delta escapes without any boundary checking", "id": "1308550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308550"}, "csaw": false, "cvss": {"cvss_base_score": "3.3", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "status": "draft"}, "cwe": "CWE-787", "details": ["The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image."], "name": "CVE-2016-2191", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "optipng", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-04-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-2191\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2191"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}

{}