oss-sec mailing list archives

CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option


From: Glenn Randers-Pehrson <glennrp () gmail com>
Date: Thu, 31 Dec 2015 13:42:46 -0500

I am requesting a CVE for the following vulnerability in pngcrush.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pngcrush versions 1.7.35 through 1.7.88 will segfault when run with
the "-loco" option and multiple trials.  This is due to attempting to
write to a file that has not yet been opened.

The vulnerability can be exploited trivially to create a Denial of Service.
Remote exploit is possible if the application accepts remote input and
accepts the "-loco" option.  No specially crafted PNG file is needed; any
valid PNG file can be used in an attack.

The bug was discovered by Brian Carpenter using AFL, and is fixed in
pngcrush-1.7.91, which was released on December 31, 2015.

Glenn Randers-Pehrson
pngcrush author and maintainer
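The failure mode the advisory describes, a write issued to an output file that has not been opened yet, as an added illustration that is not pngcrush's own code. It models a multi-trial loop in which the output stream exists only on the final trial, and shows the unchecked write (the crash pattern) next to a guarded write that refuses when no stream is open. All names here (trial_state, write_trial_unchecked, write_trial_checked, run_trials, CHUNK_LEN) and the payload bytes are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not pngcrush source: one output stream shared
 * across several compression trials. */
struct trial_state {
    FILE *out;   /* NULL until the final output file is opened */
    int   trial; /* current trial number, 1-based */
};

/* Unchecked write: this is the bug class in the advisory. If out is still
 * NULL because no file has been opened for this trial, fwrite is handed a
 * null stream and the process typically dies with a segfault. Shown for
 * comparison only; nothing below calls it. */
size_t write_trial_unchecked(struct trial_state *s, const void *buf, size_t n)
{
    return fwrite(buf, 1, n, s->out);
}

/* Guarded write: refuse when no stream is open. Returns the number of
 * bytes written, or 0 after reporting the missing stream. */
size_t write_trial_checked(struct trial_state *s, const void *buf, size_t n)
{
    if (s->out == NULL) {
        fprintf(stderr, "trial %d: output file not open, skipping write\n",
                s->trial);
        return 0;
    }
    return fwrite(buf, 1, n, s->out);
}

/* Constructed payload standing in for chunk bytes a trial would emit. */
#define CHUNK_LEN 17
static const char chunk[CHUNK_LEN + 1] = "constructed-chunk";

/* Run `trials` trials with the guarded writer. Only the last trial has a
 * real output stream (a tmpfile, so the example runs anywhere); every
 * earlier trial sees out == NULL, which is exactly the state that crashed
 * the unchecked version. Returns total bytes written, or -1 if tmpfile
 * could not be created. */
long run_trials(int trials)
{
    struct trial_state s = { NULL, 0 };
    long total = 0;

    for (s.trial = 1; s.trial <= trials; s.trial++) {
        if (s.trial == trials) {
            s.out = tmpfile();
            if (s.out == NULL)
                return -1;
        }
        total += (long)write_trial_checked(&s, chunk, CHUNK_LEN);
    }
    if (s.out != NULL)
        fclose(s.out);
    return total;
}

int main(void)
{
    long written = run_trials(3);
    printf("bytes written across 3 trials: %ld\n", written);
    return written == CHUNK_LEN ? 0 : 1;
}
```

The guard costs one pointer comparison per write and turns a crash into a logged, recoverable condition; the same check belongs in front of fclose and fflush on any stream that may not have been opened on every code path.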
