SUSE Package Hub - openSUSE-2023-388

Update Info

openSUSE-2023-388

Security update for optipng

Type: security

Severity: moderate

Issued: 2023-12-02

Description:

This update for optipng fixes the following issues:

Update to 0.7.8:

* CVE-2023-43907: Fixed a global-buffer-overflow vulnerability in the GIF reader (boo#1215937).
* Fixed a stack-print-after-scope defect in the error handler.
* Fixed an assertion failure in the image reduction module.
* Fixed the command-line wildargs expansion in the Windows port.
* Refactored the structured exception handling.

References

CVE: CVE-2023-43907
Bugzilla: 1215937 VUL-0: CVE-2023-43907: optipng: global buffer overflow via the 'buffer' variable at gifread.c

Packages

optipng-0.7.8-bp154.3.5.1