{"id":"CVE-2016-5735","details":"Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.","modified":"2026-07-08T12:52:57.971108Z","published":"2017-05-23T04:29:01.477Z","related":["openSUSE-SU-2024:10972-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","extracted_events":[{"introduced":"2.7.0"},{"last_affected":"2.7.0"}],"cpes":["cpe:2.3:a:pngquant:pngquant:2.7.0:*:*:*:*:*:*:*"],"vendor_product":"pngquant:pngquant"}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00028.html"},{"type":"FIX","url":"https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285"},{"type":"EVIDENCE","url":"http://sf.snu.ac.kr/gil.hur/publications/shovel.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kornelski/pngquant","events":[{"introduced":"0"},{"fixed":"b7c217680cda02dddced245d237ebe8c383be285"}],"database_specific":{"source":"REFERENCES"}}],"versions":["2.7.1","2.7.0","2.6.0","2.5.2","2.5.1","2.5.0","2.4.1","2.3.6","1.7.3","2.4.0.1","2.4.0","2.3.5","2.3.4","2.3.3","2.3.2","2.3.1","2.3.0","2.2.0","2.1.0","2.0.2","2.0.1","2.0.0","1.8.4","1.8.3","1.8.2","1.8.1","1.8.0","1.7.2","1.7.1","1.7.0","1.6.4","1.6.3","1.6.2","1.6.1","1.6","1.5.1","1.5.1a1","1.5.0","1.4.2","1.4.1","1.4b","1.3b","1.3a","1.2b","1.2a"],"database_specific":{"vanir_signatures_modified":"2026-07-08T12:52:57Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5735.json","vanir_signatures":[{"source":"https://github.com/kornelski/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285","target":{"file":"rwpng.c"},"digest":{"line_hashes":["11749072273354818079652599568515810704","295321760208783322335535339872887592277","263241181405925274193218127026934768670","279570523230507015572632992992007345031","61102045982274863775149249678886770771","101195728603932320435831620322596778343","185264035726705698568741517661172567482","323461216799807688237550986647038251466","59479731129094185246169890485511112403","3248771318875236472868746566677569443"],"threshold":0.9},"signature_type":"Line","id":"CVE-2016-5735-90d441ae","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/kornelski/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285","target":{"function":"rwpng_read_image24_libpng","file":"rwpng.c"},"digest":{"function_hash":"219203256382287797673606922366190072575","length":4485},"signature_type":"Function","id":"CVE-2016-5735-9ffba8c0","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}