Advisories » MGASA-2023-0333

Updated optipng packages fix a security vulnerability

Publication date: 01 Dec 2023
Modification date: 01 Dec 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-43907

Description

Updated the optipng package to fix a security vulnerability
(CVE-2023-43907) and other bugs. The GIF handler was vulnerable to a
global buffer overflow.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32520
• https://sourceforge.net/p/optipng/bugs/87/
• https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43907

SRPMS

9/core

• optipng-0.7.8-2.mga9

8/core

• optipng-0.7.8-2.mga8