Re: CVE request: pngcrush 1.7.83 crash bug (most likely exploitable)

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I found a crash bug in pngcrush that is most likely
> exploitable and wanted to get a CVE assignment for it. I've already been in
> contact with the pngcrush author and this bug has been fixed in pngcrush
> v1.7.84 (which was released today, no mention of this in the changelog
> though: http://sourceforge.net/p/pmt/news/2015/02/pngcrush-1784-released/).

> Access violation on destination operand

> Exploitability Classification: EXPLOITABLE
> Explanation: The target crashed on an access violation at an address
> matching the destination operand of the instruction. This likely indicates
> a write access violation, which means the attacker may control the write
> address and/or value.

> I've attached the test case but here is a hexdump:
> 0000000 4d8a 474e 0a0d 0a1a 0000 0000 3030 3030
> 0000010

Use CVE-2015-2158.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU8ma2AAoJEKllVAevmvmsFAYH/0ujgIRpqfsSkLyHnkg/Fl5s
VyZGtK6cQYxhOGcIpc6Jr4BwrdeL3+lJhyWxKoighU334ZrCmSfaMnZPfiQluOcH
cCNBsFp+8YyIazB9PMyds3s5MxpwhIcp0DuD4aIQBOXiciMgEF64LvW/zhfLZ4QC
GmlcHmKYs5pYgbc/nFxnhZ9fIlLtkghyPCJb4F6b80Z6S/58UCV73QiULUFP3zhS
3XftzLhEJuCUxqXg6K0fd9NTxujrs7oHUmS47ElZLnN1o/TvqnO6uDfEPzfMqGn1
4/0ZNN56EjTumiGqij6LxxbbNX5JiqNEA8lBmMI5uW3+2P/muAk3m3/Q0x+xm1E=
=BZb9
-----END PGP SIGNATURE-----