{"id":"CVE-2016-2191","details":"The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.","modified":"2026-04-16T06:19:15.528571943Z","published":"2016-04-13T16:59:11.130Z","related":["openSUSE-SU-2024:10140-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/archive/1/537972/100/0/threaded"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/04/04/2"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201608-01"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2016/Apr/15"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2951-1"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3546"},{"type":"FIX","url":"https://sourceforge.net/p/optipng/bugs/59/"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2191.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.04"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"42.1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}