Lucene search

[email protected]CVE-2012-4432

HistoryOct 01, 2012 - 3:26 a.m.

CVE-2012-4432

2012-10-0103:26:16

CWE-399

[email protected]

web.nvd.nist.gov

cve

2012

4432

use-after-free

vulnerability

optipng

arbitrary code

palette reduction

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.204 Low

EPSS

Percentile

96.4%

JSON

Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to “palette reduction.”

Affected configurations

NVD

Node

optipngoptipngMatch0.7.0

optipngoptipngMatch0.7.1

optipngoptipngMatch0.7.2

optipngoptipngMatchhg

CPENameOperatorVersion
optipng:optipngoptipngeq0.7.0
optipng:optipngoptipngeq0.7.1
optipng:optipngoptipngeq0.7.2
optipng:optipngoptipngeqhg

CPE	Name	Operator	Version
optipng:optipng	optipng	eq	0.7.0
optipng:optipng	optipng	eq	0.7.1
optipng:optipng	optipng	eq	0.7.2
optipng:optipng	optipng	eq	hg

References

optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2

optipng.sourceforge.net/

secunia.com/advisories/50654

sourceforge.net/news/?group_id=151404

www.openwall.com/lists/oss-security/2012/09/17/5

www.openwall.com/lists/oss-security/2012/09/18/2

www.securityfocus.com/bid/55566

exchange.xforce.ibmcloud.com/vulnerabilities/78743

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.204 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2012-4432

freebsd1 openvas1 ubuntucve1 nessus3 debiancve1 gentoo1 prion1 cvelist1 nvd1