From owner-freebsd-security@FreeBSD.ORG Sat Nov 22 20:01:40 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5FE71106564A; Sat, 22 Nov 2008 20:01:40 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 1C25A8FC13; Sat, 22 Nov 2008 20:01:40 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:To:Subject:From:Reply-To:Cc:X-send-pr-version:X-GNATS-Notify:Message-Id:Date; b=ODra5uobpGGEDZr8pAdyR8xwv3nPvVFEutvz5ZIVad6rM86f4bkqOLcoYE2ogMk9MI1mhLESS7krP6Zx8L+4LRMHcZvXW1b/1A2lMch/fDSabwMqLlyBFzq+5SJF5TaijyfrHeYUy2eISj3noPF9r+tMTPwn2ccejs22Ni30wrU=; Received: from phoenix.codelabs.ru (ppp91-78-248-208.pppoe.mtu-net.ru [91.78.248.208]) by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256) id 1L3yfj-000FWP-1j; Sat, 22 Nov 2008 23:01:39 +0300 To: FreeBSD-gnats-submit@freebsd.org From: Eygene Ryabinkin X-send-pr-version: 3.113 X-GNATS-Notify: tom@hur.st Message-Id: <20081122200136.432B3F181F@phoenix.codelabs.ru> Date: Sat, 22 Nov 2008 23:01:36 +0300 (MSK) Cc: freebsd-security@freebsd.org Subject: [vuxml] graphics/optipng: document CVE-2008-5101 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eygene Ryabinkin List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Nov 2008 20:01:40 -0000 >Submitter-Id: current-users >Originator: Eygene Ryabinkin >Organization: Code Labs >Confidential: no >Synopsis: [vuxml] graphics/optipng: document CVE-2008-5101 >Severity: serious >Priority: high >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: Buffer overflow in the OptiPNG BMP file handling was discovered. The code in question exists even in the 0.5.4, so, while it is questionable if such an old version can be attacked with the original exploit, I think that 0.5.4 has this vulnerability too. Have no direct evidence though. >How-To-Repeat: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5101 http://secunia.com/advisories/32651 >Fix: The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- optipng -- arbitrary code execution via crafted BMP image optipng 1.6.2

Secunia reports:

A vulnerability has been reported in OptiPNG, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the BMP reader and can be exploited to cause a buffer overflow by tricking a user into processing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 0.6.2.

CVE-2008-5101 http://secunia.com/advisories/32651 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399 http://optipng.sourceforge.net/ 2008-11-11 --- vuln.xml ends here --- Please, note that there is PR ports/128877 that updates port to 0.6.2 and this version isn't vulnerable. I feel that the PR severity can be raised due to the found vulnerability.