Bug 857994 - (CVE-2012-4432) CVE-2012-4432 optipng : Palette Reduction Use-After-Free Vulnerability
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20120916,repor...
: Security
Reported: 2012-09-17 13:45 EDT by Agostino Sarubbo
Modified: 2015-07-31 02:53 EDT
Fixed In Version: optipng 0.7.3
Doc Type: Bug Fix
Last Closed: 2012-09-18 05:50:55 EDT
Type: Bug

Description Agostino Sarubbo 2012-09-17 13:45:18 EDT
A vulnerability has been reported in OptiPNG, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a use-after-free error related to the palette reduction functionality. No further information is currently available.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 0.7, 0.7.1, and 0.7.2.


Solution
Update to version 0.7.3.

Code commit:
http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2

Additional info:
Versions 0.6.5 and earlier are not affected.
Comment 1 Jan Lieskovsky 2012-09-18 05:17:05 EDT
The CVE identifier of CVE-2012-4432 has been assigned to this issue:
http://www.openwall.com/lists/oss-security/2012/09/18/2
Comment 2 Jan Lieskovsky 2012-09-18 05:44:06 EDT
This issue does NOT affect the version of the optipng package, as shipped with Fedora release of 17 (it got updated to optipng-0.7.3-1.fc17 version in -testing repository already, which contains the upstream patch).

--

This issue did NOT affect the versions of the optipng package, as shipped with Fedora release of 16, Fedora EPEL 6 and Fedora EPEL 6 as they did not contain the vulnerable functionality yet.
