oss-sec mailing list archives
Re: CVE Request: Use-after-free in optipng 0.6.4
From: cve-assign () mitre org
Date: Sat, 10 Oct 2015 11:30:20 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
We found a use-after-free causing an invalid/double free in optipng 0.6.4.
Processing: boom.png
==24844== Invalid read of size 4
==24844== Address 0x4281a08 is 0 bytes inside a block of size 8 free'd ==24844== at 0x402B3D8: free
==24844== Invalid free() / delete / delete[] / realloc() ==24844== at 0x402B3D8: free
https://bugzilla.redhat.com/show_bug.cgi?id=1264015
Use CVE-2015-7801. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWGS5BAAoJEL54rhJi8gl5atQP/0tVEMehVFLEX2ji/0kJbSWA oTJjeHq8Qsuh5n/bbsqbdeu+GBJHiWLviwsa0xZe0QFRmNBJC+6T+sJxO1Krk4We 3J1xZrkEh3M9dbw5MgNA06ULf826AelNS41z2+m4MMMmoGFGHyLYNIDk+WXJovtD Wa4FvdE5Pv1E59TwGrT1WV+oaiX20MjW5ULjsDMo/cgBXi72IAYfkooJunIWRA+5 I6hq7C4n9IV00qTcFdWPfRG4dViEEH/FkZHdIKve5jb1Cb3rb9WtxoJsgizK1Lkw oRloE41BhYC/PZ14xLVAj+TuIBEZm3s3XgySy5asMCchecFBSAiAo6on4pi+hWku Jyb6aXu8Yzmwy3Y06VlgFTU9E9uvDsVfTLq0rGxW/6txMjqy2KGDezJ+3MOQ0JuK Fkq9pMY7qzkTgefbm3CC/K4KdZnjJqIjyWCZLWwnsV+vcXT3SiG34qzVZnAm/KDC H9Iwb9f/cnP27HEjJMtyrcV6DQa5sLNwItNLJrKKrg7TC901Gvijrw9YPv2s4EKi qvxDZLuIKsYOzztPZcFIZVGKldW7ROuZiRyl16UH0GZaxOUJdXfK66SUiDhnNvo0 92abDO4M8RC7W9JLUpkCcYl8FxyBU0nT5jpwNCzF+h1NEtU36tIzntQ4IbxHPdao o/lBuiM5KF7Ahzglj5Jc =j9wt -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request: Use-after-free in optipng 0.6.4 cve-assign (Oct 10)