git: 058d72efccda - main - security/vuxml: document optipng vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 03 Nov 2023 21:18:11 UTC
The branch main has been updated by fuz:
URL: https://cgit.FreeBSD.org/ports/commit/?id=058d72efccdaaff3cca0d5780fb3de61d64a5321
commit 058d72efccdaaff3cca0d5780fb3de61d64a5321
Author: Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2023-11-02 03:04:33 +0000
Commit: Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2023-11-03 21:16:08 +0000
security/vuxml: document optipng vulnerability
PR: 274822
Reported by: Thomas Hurst <tom@hur.st>
---
security/vuxml/vuln/2023.xml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 6ebf350467cb..d31225b5542b 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,32 @@
+ <vuln vid="fe7ac70a-792b-11ee-bf9a-a04a5edf46d9">
+ <topic>PptiPNG -- Global-buffer-overflow</topic>
+ <affects>
+ <package>
+ <name>optipng</name>
+ <range><lt>0.7.7_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Frank-Z7 reports:</p>
+ <blockquote cite="https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md">
+ <p>Running optipng with the "-zm 3 -zc 1 -zw 256 -snip -out"
+ configuration options enabled raises a global-buffer-overflow bug,
+ which could allow a remote attacker to conduct a denial-of-service
+ attack or other unspecified effect on a crafted file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-43907</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-43907</url>
+ </references>
+ <dates>
+ <discovery>2023-09-30</discovery>
+ <entry>2023-11-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="a1e27775-7a61-11ee-8290-a8a1599412c6">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>