Vulnerabilities > CVE-2012-4432 - Resource Management Errors vulnerability in Optipng
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201404-03.NASL description The remote host is affected by the vulnerability described in GLSA-201404-03 (OptiPNG: User-assisted execution of arbitrary code) A use-after-free vulnerability exists in the palette reduction functionality of OptiPNG. Impact : A remote attacker could entice a user to open a specially crafted image file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 73392 published 2014-04-08 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73392 title GLSA-201404-03 : OptiPNG: User-assisted execution of arbitrary code code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201404-03. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(73392); script_version("1.4"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2012-4432"); script_bugtraq_id(55566); script_xref(name:"GLSA", value:"201404-03"); script_name(english:"GLSA-201404-03 : OptiPNG: User-assisted execution of arbitrary code"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201404-03 (OptiPNG: User-assisted execution of arbitrary code) A use-after-free vulnerability exists in the palette reduction functionality of OptiPNG. Impact : A remote attacker could entice a user to open a specially crafted image file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201404-03" ); script_set_attribute( attribute:"solution", value: "All OptiPNG users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/optipng-0.7.3'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:optipng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-gfx/optipng", unaffected:make_list("ge 0.7.3"), vulnerable:make_list("lt 0.7.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OptiPNG"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-699.NASL description optipng received a fix for a palette reduction use-after-free vulnerability. (CVE-2012-4432) last seen 2020-06-05 modified 2014-06-13 plugin id 74777 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74777 title openSUSE Security Update : optipng (openSUSE-SU-2012:1329-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-699. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74777); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-4432"); script_name(english:"openSUSE Security Update : optipng (openSUSE-SU-2012:1329-1)"); script_summary(english:"Check for the openSUSE-2012-699 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "optipng received a fix for a palette reduction use-after-free vulnerability. (CVE-2012-4432)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=780874" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-10/msg00044.html" ); script_set_attribute( attribute:"solution", value:"Update the affected optipng packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:optipng"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:optipng-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:optipng-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.2", reference:"optipng-0.7-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"optipng-debuginfo-0.7-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"optipng-debugsource-0.7-2.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "optipng"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A8818F7F918211E29BDFD48564727302.NASL description Secunia reports : A vulnerability has been reported in OptiPNG, which can be exploited by malicious people to potentially compromise a user last seen 2020-06-01 modified 2020-06-02 plugin id 65848 published 2013-04-08 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65848 title FreeBSD : optipng -- use-after-free vulnerability (a8818f7f-9182-11e2-9bdf-d48564727302)
References
- http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2
- http://optipng.sourceforge.net/
- http://secunia.com/advisories/50654
- http://sourceforge.net/news/?group_id=151404
- http://www.openwall.com/lists/oss-security/2012/09/17/5
- http://www.openwall.com/lists/oss-security/2012/09/18/2
- http://www.securityfocus.com/bid/55566
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78743