CVE-2015-7801
published 2016-04-20CVE-2015-7801: Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
PriorityP347high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
5.38%
91.7th percentile
Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | optipng | < optipng 0.7.5-1 (bookworm) | optipng 0.7.5-1 (bookworm) |
| optipng_project | optipng | <= 0.6.4 | — |
| optipng_project | optipng | >= 0 < 0.7.5-1 | 0.7.5-1 |
| optipng_project | optipng | >= 0 < 0.7.5-1 | 0.7.5-1 |
| optipng_project | optipng | >= 0 < 0.7.5-1 | 0.7.5-1 |
| optipng_project | optipng | >= 0 < 0.7.5-1 | 0.7.5-1 |
| optipng_project | optipng | >= 0 < 0.6.4-1ubuntu0.14.04.1 | 0.6.4-1ubuntu0.14.04.1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
OptiPNG vulnerabilities
vendor_ubuntu·2016-04-18·CVSS 8.8
CVE-2015-7801 [HIGH] OptiPNG vulnerabilities
Title: OptiPNG vulnerabilities
Summary: OptiPNG could be made to crash or run programs as your login if it opened a
specially crafted file.
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service. (CVE-2015-7801)
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service. (CVE-2015-7802)
Hans Jerry Illikainen discovered that OptiPNG incorrectly handled memory. A
remote attacker could use this issue with a specially crafted image file to
cause OptiPNG to crash, resulting in a denial of service, or possi
Red Hat
optipng: Use-after-free vulnerability in 0.6.4
vendor_redhat·2015-09-16·CVSS 8.8
CVE-2015-7801 [HIGH] CWE-416 optipng: Use-after-free vulnerability in 0.6.4
optipng: Use-after-free vulnerability in 0.6.4
Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
Package: optipng (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2015-7801: optipng - Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute...
vendor_debian·2015·CVSS 8.8
CVE-2015-7801 [HIGH] CVE-2015-7801: optipng - Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute...
Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
Scope: local
bookworm: resolved (fixed in 0.7.5-1)
bullseye: resolved (fixed in 0.7.5-1)
forky: resolved (fixed in 0.7.5-1)
sid: resolved (fixed in 0.7.5-1)
trixie: resolved (fixed in 0.7.5-1)
GHSA
GHSA-76wm-4p7c-3hw9: Use-after-free vulnerability in OptiPNG 0
ghsa_unreviewed·2022-05-14
CVE-2015-7801 [HIGH] GHSA-76wm-4p7c-3hw9: Use-after-free vulnerability in OptiPNG 0
Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
OSV
CVE-2015-7801: Use-after-free vulnerability in OptiPNG 0
osv·2016-04-20·CVSS 8.8
CVE-2015-7801 [HIGH] CVE-2015-7801: Use-after-free vulnerability in OptiPNG 0
Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
OSV
optipng vulnerabilities
osv·2016-04-18·CVSS 8.8
CVE-2015-7801 [HIGH] optipng vulnerabilities
optipng vulnerabilities
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service. (CVE-2015-7801)
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service. (CVE-2015-7802)
Hans Jerry Illikainen discovered that OptiPNG incorrectly handled memory. A
remote attacker could use this issue with a specially crafted image file to
cause OptiPNG to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-2191)
Henri Salo discovered that OptiPNG incorrectly handled memory. A remote
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-7801 optipng: Use-after-free vulnerability in 0.6.4
bugzilla·2015-09-17·CVSS 8.8
CVE-2015-7801 [HIGH] CVE-2015-7801 optipng: Use-after-free vulnerability in 0.6.4
CVE-2015-7801 optipng: Use-after-free vulnerability in 0.6.4
Use-after-free vulnerability in optipng 0.6.4 causing an invalid/double free was found.
CVE request (containing valgrind report):
http://seclists.org/oss-sec/2015/q3/556
Discussion:
Created optipng tracking bugs for this issue:
Affects: fedora-all [bug 1264018]
Affects: epel-5 [bug 1264019]
Affects: epel-6 [bug 1264020]
---
Created attachment 1075212
Reproducer provided by Gustavo Grieco
---
This issue did not affect the versions of optipng as shipped with Red Hat Enterprise Linux 7.
---
optipng-0.7.5-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
arXiv
Code-less Patching for Heap Vulnerabilities Using Targeted Calling Context Encoding
arxiv_fulltext·2018-12-11
Code-less Patching for Heap Vulnerabilities Using Targeted Calling Context Encoding
Code-less Patching for Heap Vulnerabilities Using Targeted Calling Context Encoding
comment
1st Given Name Surname
dept. name of organization (of Aff.)
name of organization (of Aff.)
City, Country
email address
2nd Given Name Surname
dept. name of organization (of Aff.)
name of organization (of Aff.)
City, Country
email address
3rd Given Name Surname
dept. name of organization (of Aff.)
name of organization (of Aff.)
City, Country
email address
4th Given Name Surname
dept. name of organization (of Aff.)
name of organization (of Aff.)
City, Country
email address
5th Given Name Surname
dept. name of organization (of Aff.)
name of organization (of Aff.)
City, Country
email address
6th Given Name Surname
dept. name of organization (of Aff.)
name of organization (of Aff.)
2016-04-20
Published