CVE-2012-4432 - Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote

CVE-2012-4432

Summary

Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction."

References

Vulnerable Configurations

cpe:2.3:a:optipng:optipng:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:optipng:optipng:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:optipng:optipng:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:optipng:optipng:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:optipng:optipng:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:optipng:optipng:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:optipng:optipng:hg:*:*:*:*:*:*:*
cpe:2.3:a:optipng:optipng:hg:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	55566
confirm	http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2 http://optipng.sourceforge.net/ http://sourceforge.net/news/?group_id=151404
mlist	[oss-security] 20120917 CVE request: OptiPNG Palette Reduction Use-After-Free Vulnerability [oss-security] 20120917 Re: CVE request: OptiPNG Palette Reduction Use-After-Free Vulnerability
secunia	50654
xf	optipng-palette-code-execution(78743)

Last major update

29-08-2017 - 01:32

Published

01-10-2012 - 03:26

Last modified

29-08-2017 - 01:32