Red Hat Bugzilla – Bug 1264015
CVE-2015-7801 optipng: Use-after-free vulnerability in 0.6.4
Last modified: 2016-04-21 07:45:24 EDT
A use-after-free vulnerability in optipng 0.6.4, causing an invalid/double free, was found.
CVE request (containing valgrind report):
Created optipng tracking bugs for this issue:
Affects: fedora-all [bug 1264018]
Affects: epel-5 [bug 1264019]
Affects: epel-6 [bug 1264020]
Created attachment 1075212
Reproducer provided by Gustavo Grieco
This issue did not affect the versions of optipng as shipped with Red Hat Enterprise Linux 7.
optipng-0.7.5-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.