Aggregates CVE and security vulnerability intelligence across all optipng-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow, vendor risk memory corruption, and vendor risk denial of service and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2016-2191 | The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image. | [email protected] | 6.5 | 3.53% | 2016-04-13 | 2026-06-16 |
| CVE-2012-4432 | Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction." | [email protected] | 7.5 | 5.24% | 2012-09-30 | 2026-06-16 |
| CVE-2008-5101 | Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow." | [email protected] | 9.3 | 3.99% | 2008-11-17 | 2026-06-16 |