Package | optipng |
---|---|
Version | 0.7.5-1+deb8u3 (jessie), 0.7.6-1+deb9u2 (stretch) |
Related CVEs | CVE-2015-7802 CVE-2023-43907 |
Optipng, a tool that optimizes image files by recompressing them to a smaller size without losing any information, was vulnerable.
CVE-2015-7802
Under Debian 8 (jessie), optipng allowed remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. Debian 9 (stretch) was already fixed.
CVE-2023-43907
A global buffer overflow via the 'buffer' variable in gifread.c was found.
For Debian 8 jessie, these problems have been fixed in version 0.7.5-1+deb8u3.
For Debian 9 stretch, these problems have been fixed in version 0.7.6-1+deb9u2.
We recommend that you upgrade your optipng packages.
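Checking a host against the fixed versions above requires Debian's version ordering rather than plain string comparison. The following is an added example, not part of the advisory or of Debian's tooling: it reimplements that ordering in Python, and the function names and sample installed versions are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions as stated in this advisory, keyed by release codename.
FIXED = {"jessie": "0.7.5-1+deb8u3", "stretch": "0.7.6-1+deb9u2"}

def _order(ch):
    # Debian ordering for non-digit characters: '~' sorts before everything
    # (even end of string), letters sort before all other symbols.
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _take(pattern, s):
    # Split off the leading run matching pattern; return (run, remainder).
    run = re.match(pattern, s).group()
    return run, s[len(run):]

def _cmp_part(a, b):
    # Compare upstream or revision strings by alternating non-digit/digit runs.
    while a or b:
        na, a = _take(r"\D*", a)
        nb, b = _take(r"\D*", b)
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        da, a = _take(r"\d*", a)
        db, b = _take(r"\d*", b)
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; epoch ends at first ':', revision starts at last '-'.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare(v1, v2):
    # Returns -1, 0 or 1 as v1 is older than, equal to, or newer than v2.
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_fixed(release, installed):
    # True if the installed optipng version is at or above the advisory's fix.
    return compare(installed, FIXED[release]) >= 0
```

On a real host, `dpkg-query -W -f='${Version}' optipng` prints the installed version, and `dpkg --compare-versions` performs the same comparison natively.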
Further information about Extended LTS security advisories can be found in the dedicated section of our website.