First published: Mon Oct 01 2012
Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction."
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
OptiPNG | =0.7.0 | |
OptiPNG | =0.7.1 | |
OptiPNG | =0.7.2 | |
OptiPNG | =hg | |
CVE-2012-4432 is classified as a critical vulnerability due to its potential to allow remote code execution.
To fix CVE-2012-4432, upgrade OptiPNG to version 0.7.3 or higher.
CVE-2012-4432 affects OptiPNG versions 0.7.0, 0.7.1, 0.7.2, and the hg version.
CVE-2012-4432 is classified as a use-after-free vulnerability.
CVE-2012-4432 can be exploited remotely by attackers through specific vectors related to palette reduction.