{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-08-22T00:00:00", "datePublic": "2017-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"}, {"name": "DSA-4058", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4058"}, {"name": "GLSA-201801-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201801-02"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/optipng/bugs/65/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-08-22T17:29:33.458408", "ID": "CVE-2017-1000229", "REQUESTER": "jschoi.2022@gmail.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"}, {"name": "DSA-4058", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4058"}, {"name": "GLSA-201801-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201801-02"}, {"name": "https://sourceforge.net/p/optipng/bugs/65/", "refsource": "MISC", "url": "https://sourceforge.net/p/optipng/bugs/65/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:53:07.413Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"}, {"name": "DSA-4058", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4058"}, {"name": "GLSA-201801-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201801-02"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/optipng/bugs/65/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000229", "datePublished": "2017-11-17T05:00:00", "dateReserved": "2017-11-16T00:00:00", "dateUpdated": "2024-08-05T21:53:07.413Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:optipng_project:optipng:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "D5B95311-98CB-44DE-91AE-73B33E20D2BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service."}, {"lang": "es", "value": "Un fallo de desbordamiento de enteros en la funci\u00f3n minitiff_read_info() de optipng 0.7.6 permite que un atacante ejecute c\u00f3digo de manera remota o provoque una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2017-1000229", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-17T05:29:00.483", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201801-02"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sourceforge.net/p/optipng/bugs/65/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4058"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201801-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sourceforge.net/p/optipng/bugs/65/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4058"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "optipng: integer overflow in tiffread.c:minitiff_read_info() leading to denial of service", "id": "1520234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520234"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-190->CWE-122", "details": ["Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.", "An integer overflow flaw leading to heap memory corruption was found in the way OptiPNG handles processing of TIFF files. This flaw could potentially be used to crash the OptiPNG program by tricking it into processing crafted TIFF files."], "name": "CVE-2017-1000229", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "optipng", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2017-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-1000229\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000229"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

{}