|
Message-Id: <20151010153020.1CEF31BE955@smtpvbsrv1.mitre.org> Date: Sat, 10 Oct 2015 11:30:20 -0400 (EDT) From: cve-assign@...re.org To: gustavo.grieco@...il.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request: Use-after-free in optipng 0.6.4 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > We found a use-after-free causing an invalid/double free in optipng 0.6.4. > Processing: boom.png > ==24844== Invalid read of size 4 > ==24844== Address 0x4281a08 is 0 bytes inside a block of size 8 free'd > ==24844== at 0x402B3D8: free > ==24844== Invalid free() / delete / delete[] / realloc() > ==24844== at 0x402B3D8: free > https://bugzilla.redhat.com/show_bug.cgi?id=1264015 Use CVE-2015-7801. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWGS5BAAoJEL54rhJi8gl5atQP/0tVEMehVFLEX2ji/0kJbSWA oTJjeHq8Qsuh5n/bbsqbdeu+GBJHiWLviwsa0xZe0QFRmNBJC+6T+sJxO1Krk4We 3J1xZrkEh3M9dbw5MgNA06ULf826AelNS41z2+m4MMMmoGFGHyLYNIDk+WXJovtD Wa4FvdE5Pv1E59TwGrT1WV+oaiX20MjW5ULjsDMo/cgBXi72IAYfkooJunIWRA+5 I6hq7C4n9IV00qTcFdWPfRG4dViEEH/FkZHdIKve5jb1Cb3rb9WtxoJsgizK1Lkw oRloE41BhYC/PZ14xLVAj+TuIBEZm3s3XgySy5asMCchecFBSAiAo6on4pi+hWku Jyb6aXu8Yzmwy3Y06VlgFTU9E9uvDsVfTLq0rGxW/6txMjqy2KGDezJ+3MOQ0JuK Fkq9pMY7qzkTgefbm3CC/K4KdZnjJqIjyWCZLWwnsV+vcXT3SiG34qzVZnAm/KDC H9Iwb9f/cnP27HEjJMtyrcV6DQa5sLNwItNLJrKKrg7TC901Gvijrw9YPv2s4EKi qvxDZLuIKsYOzztPZcFIZVGKldW7ROuZiRyl16UH0GZaxOUJdXfK66SUiDhnNvo0 92abDO4M8RC7W9JLUpkCcYl8FxyBU0nT5jpwNCzF+h1NEtU36tIzntQ4IbxHPdao o/lBuiM5KF7Ahzglj5Jc =j9wt -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.