CVE-2012-4432

Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
optipngoptipng
0.7.0
optipngoptipng
0.7.1
optipngoptipng
0.7.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
optipng
bullseye
0.7.7-1
fixed
bookworm
0.7.7-2
fixed
sid
0.7.8+ds-1
fixed
trixie
0.7.8+ds-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
optipng
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2
http://optipng.sourceforge.net/
http://secunia.com/advisories/50654
http://sourceforge.net/news/?group_id=151404
http://www.openwall.com/lists/oss-security/2012/09/17/5
http://www.openwall.com/lists/oss-security/2012/09/18/2
http://www.securityfocus.com/bid/55566
https://exchange.xforce.ibmcloud.com/vulnerabilities/78743
http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2
http://optipng.sourceforge.net/
http://secunia.com/advisories/50654
http://sourceforge.net/news/?group_id=151404
http://www.openwall.com/lists/oss-security/2012/09/17/5
http://www.openwall.com/lists/oss-security/2012/09/18/2
http://www.securityfocus.com/bid/55566
https://exchange.xforce.ibmcloud.com/vulnerabilities/78743