Arch Linux: ASA-201604-5 High: optipng Arbitrary Code Execution Risk

Arch Linux Security Advisory ASA-201604-5
========================================
Severity: High
Date    : 2016-04-04
CVE-ID  : CVE-2016-2191
Package : optipng
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package optipng before version 0.7.6-1 is vulnerable to arbitrary
code execution.

Resolution
=========
Upgrade to 0.7.6-1.

# pacman -Syu "optipng>=0.7.6-1"

The problem has been fixed upstream in version 0.7.6.

Workaround
=========
None.

Description
==========
An invalid write may occur in optipng before version 0.7.6 while
processing bitmap images due to `crt_row' being (inc|dec)remented
without any boundary checking when encountering delta escapes. This
issue can possibly be used to execute arbitrary code.

Impact
=====
A remote attacker is able to use a specially crafted bitmap image file
to execute arbitrary code.

References
=========
https://www.cve.org/CVERecord?id=CVE-2016-2191

https://www.openwall.com/lists/oss-security/2016/04/04/2