{
  "threat_severity" : "Low",
  "public_date" : "2017-12-04T00:00:00Z",
  "bugzilla" : {
    "description" : "optipng: integer overflow in tiffread.c:minitiff_read_info() leading to denial of service",
    "id" : "1520234",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1520234"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-190",
  "details" : [ "Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.", "An integer overflow flaw leading to heap memory corruption was found in the way OptiPNG handles processing of TIFF files. This flaw could potentially be used to crash the OptiPNG program by tricking it into processing crafted TIFF files." ],
  "statement" : "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "optipng",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-1000229\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000229" ],
  "name" : "CVE-2017-1000229",
  "csaw" : false
}