
List:       oss-security
Subject:    Re: [oss-security] CVE request: OptiPNG Palette Reduction Use-After-Free Vulnerability
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-09-18 1:27:25
Message-ID: 5057CDFD.3020400 () redhat ! com

On 09/17/2012 10:36 AM, Agostino Sarubbo wrote:
> Quoting the Secunia advisory:
> 
> Description A vulnerability has been reported in OptiPNG, which can
> be exploited by malicious people to potentially compromise a user's
> system.
> 
> The vulnerability is caused due to a use-after-free error related
> to the palette reduction functionality. No further information is
> currently available.
> 
> Successful exploitation may allow execution of arbitrary code.
> 
> The vulnerability is reported in versions 0.7, 0.7.1, and 0.7.2.
> 
> 
> Solution Update to version 0.7.3.
> 
> 
> Code commit: 
> http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2
>
>  Additional info: Version 0.6.5 and earlier are not affected.
> 

Please use CVE-2012-4432 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
