ArchLinux: 201604-5: optipng: arbitrary code execution
Summary
An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to `crt_row' being (inc|dec)remented without any boundary checking when encountering delta escapes. This issue can possibly be used to execute arbitrary code.
Resolution
Upgrade to 0.7.6-1.
# pacman -Syu "optipng>=0.7.6-1"
The problem has been fixed upstream in version 0.7.6.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191 https://sourceforge.net/p/optipng/bugs/59/ https://www.openwall.com/lists/oss-security/2016/04/04/2
Workaround
None.