PT-2016-1708 · Optipng+2

Henri Salo · Published 2016-04-07 · Updated 2021-07-31 · CVE-2016-3982

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OptiPNG versions prior to 0.7.6

Description

The issue is caused by an off-by-one error in the bmp_rle4_fread function, leading to a heap-based buffer overflow when processing a crafted image file. This can result in a denial of service, such as an out-of-bounds read or write access and crash, or possibly allow remote attackers to execute arbitrary code.

Recommendations

For versions prior to 0.7.6, update to version 0.7.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the bmp_rle4_fread function in the pngxrbmp.c file until a patch is available. Restrict access to crafted image files to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1375
BDU:2016-01034
CVE-2016-3982
DSA-3546-1
OESA-2021-1288
USN-2951-1

Affected Products

Alt Linux
Optipng
Ubuntu