Vulnerabilities > CVE-2018-11416 - Double Free vulnerability in Jpegoptim Project Jpegoptim 1.4.5

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

jpegoptim-project

CWE-415

NVD

Published: 2018-05-24

Updated: 2018-06-26

Summary

jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Vulnerable Configurations

Part	Description	Count
Application	Jpegoptim_Project Jpegoptim Project Jpegoptim 1.4.5	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://github.com/tjko/jpegoptim/blob/master/README
https://github.com/tjko/jpegoptim/issues/57