ID CVE-2009-0749
Summary Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.
References
Vulnerable Configurations
  • cpe:2.3:a:optipng_project:optipng:0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:optipng_project:optipng:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:optipng_project:optipng:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise:9-11:*:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise:9-11:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:10.3-11.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:10.3-11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 02-02-2024 - 16:03)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 33873
confirm
gentoo GLSA-200903-12
mlist
  • [oss-security] 20090224 CVE request: optipng security release
  • [oss-security] 20090225 Re: CVE request: optipng security release
secunia
  • 34035
  • 34201
  • 34259
  • 35685
suse
  • SUSE-SR:2009:006
  • SUSE-SR:2009:012
vupen ADV-2009-0510
xf optipng-gifreadnextextension-code-execution(48879)
Last major update 02-02-2024 - 16:03
Published 02-03-2009 - 20:30
Last modified 02-02-2024 - 16:03
Back to Top