Date: Sat, 10 Oct 2015 11:30:20 -0400 (EDT)
From: cve-assign@...re.org
To: gustavo.grieco@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Use-after-free in optipng 0.6.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> We found a use-after-free causing an invalid/double free in optipng 0.6.4.

> Processing: boom.png

> ==24844== Invalid read of size 4

> ==24844==  Address 0x4281a08 is 0 bytes inside a block of size 8 free'd
> ==24844==    at 0x402B3D8: free

> ==24844== Invalid free() / delete / delete[] / realloc()
> ==24844==    at 0x402B3D8: free

> https://bugzilla.redhat.com/show_bug.cgi?id=1264015

Use CVE-2015-7801.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
