oss-sec mailing list archives
Re: CVE Request: Use-after-free in optipng 0.6.4
From: Stefan Cornelius <scorneli () redhat com>
Date: Sat, 19 Sep 2015 18:01:39 +0200
On Wed, 16 Sep 2015 08:11:03 -0300 Gustavo Grieco <gustavo.grieco () gmail com> wrote:
> We found a use-after-free causing an invalid/double free in optipng 0.6.4. Upstream is working on fixing it, but keep in mind that optipng 0.6.x is officially unsupported. A CVE will be useful since this version is included in distros like Debian and Ubuntu. Please find attached the test case to trigger it.
Hi,

For some reason the attached image test case didn't make it through. Gustavo was kind enough to email me a copy and asked me to add it to our bug for easy public access.

Direct link: https://bugzilla.redhat.com/attachment.cgi?id=1075212
Our bug for this issue is here: https://bugzilla.redhat.com/show_bug.cgi?id=1264015

PS: FYI, "On September 20th, 2015, 0:00 UTC we will be upgrading the Red Hat Bugzilla servers in a migration process lasting 10 to 14 hours."

Thanks,
--
Stefan Cornelius / Red Hat Product Security