CVE-2016-3981

Name of the Vulnerable Software and Affected Versions OptiPNG versions prior to 0.7.6

Description The issue is related to a heap-based buffer overflow in the bmp read rows function, which can be triggered by a crafted image file. This could allow remote attackers to cause a denial of service, such as out-of-bounds read or write access and crash, or possibly execute arbitrary code.

Recommendations For versions prior to 0.7.6, update to version 0.7.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the bmp read rows function until a patch is available. Restrict access to crafted image files to minimize the risk of exploitation.