CVE-2015-7700 — Double Free in Pngcrush

CWE-415 — Double Free CWE-416 — Use After Free8 documents8 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 28.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pngcrush Project Pngcrush Debian Pngcrush

Timeline

PublishedAug 31

Latest updateMay 17

Description

Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/pngcrush< pngcrush 1.8.13-0.1 (bookworm)

▶Debianpngcrush_project/pngcrush< 1.8.13-0.1+3

▶NVDpngcrush_project/pngcrush1.7.86

🔴Vulnerability Details

GHSA

GHSA-4q9g-gjc2-2pf4: Double-free vulnerability in the sPLT chunk structure and png↗2022-05-17

▶

OSV

CVE-2015-7700: Double-free vulnerability in the sPLT chunk structure and png↗2017-08-31

▶

📋Vendor Advisories

Ubuntu

pngcrush vulnerability↗2022-01-19

▶

Red Hat

pngcrush: double-free in sPLT and png.c file↗2017-08-31

▶

Debian

CVE-2015-7700: pngcrush - Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush befo...↗2015

▶

💬Community

HackerOne

pngcrush double-free/segfault could result in DoS (CVE-2015-7700)↗2019-10-04

▶

Bugzilla

CVE-2015-7700 pngcrush: double-free in sPLT and png.c file↗2018-01-18

▶