Bug 857994 (CVE-2012-4432) - CVE-2012-4432 optipng : Palette Reduction Use-After-Free Vulnerability
Summary: CVE-2012-4432 optipng : Palette Reduction Use-After-Free Vulnerability
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2012-4432
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2012-09-17 17:45 UTC by Agostino Sarubbo
Modified: 2019-09-29 12:55 UTC

Fixed In Version: optipng 0.7.3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-18 09:50:55 UTC
Embargoed:



Description Agostino Sarubbo 2012-09-17 17:45:18 UTC
A vulnerability has been reported in OptiPNG, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a use-after-free error related to the palette reduction functionality. No further information is currently available.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 0.7, 0.7.1, and 0.7.2.


Solution
Update to version 0.7.3.

Code commit:
http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2

Additional info:
Version 0.6.5 and earlier are not affected.

Comment 1 Jan Lieskovsky 2012-09-18 09:17:05 UTC
The CVE identifier of CVE-2012-4432 has been assigned to this issue:
http://www.openwall.com/lists/oss-security/2012/09/18/2

Comment 2 Jan Lieskovsky 2012-09-18 09:44:06 UTC
This issue does NOT affect the version of the optipng package, as shipped with Fedora release of 17 (it got updated to optipng-0.7.3-1.fc17 version in -testing repository already, which contains the upstream patch).

--

This issue did NOT affect the versions of the optipng package, as shipped with Fedora release of 16, Fedora EPEL 6 and Fedora EPEL 6 as they did not contain the vulnerable functionality yet.

