Red Hat Bugzilla – Bug 857994
CVE-2012-4432 optipng : Palette Reduction Use-After-Free Vulnerability
Last modified: 2015-07-31 02:53:59 EDT
A vulnerability has been reported in OptiPNG, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to a use-after-free error related to the palette reduction functionality. No further information is currently available.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions 0.7, 0.7.1, and 0.7.2.
Update to version 0.7.3.
Versions 0.6.5 and earlier are not affected.
The CVE identifier CVE-2012-4432 has been assigned to this issue.
This issue does NOT affect the version of the optipng package as shipped with Fedora release 17 (it was already updated to optipng-0.7.3-1.fc17 in the -testing repository, which contains the upstream patch).
This issue did NOT affect the versions of the optipng package as shipped with Fedora release 16, Fedora EPEL 6 and Fedora EPEL 6, as they did not contain the vulnerable functionality yet.