Quoting http://optipng.sourceforge.net/: All current OptiPNG versions are known to be vulnerable to memory reallocation attacks, due to a bug in the GIF image reader. (Many thanks to Roy Tam for the report, as well as the fix.) patch: http://213.203.218.125/o/op/optipng/optipng-0.6.2.1.diff
Patched in 0.6.2-r1
Arches, please test and mark stable: =media-gfx/optipng-0.6.2-r1 Target keywords : "alpha amd64 ppc x86"
amd64/x86 stable
CVE-2009-0749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0749): Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.
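The bug class named in the CVE text above (a pointer kept across a realloc that moves the block), shown as an added example of the safe pattern; this is not OptiPNG's code or its patch. The names ext_buf, read_ext_subblocks and demo_two_blocks are hypothetical, and the input is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; names are illustrative, not OptiPNG's. */
struct ext_buf { unsigned char *data; size_t len, cap; };

/* Append GIF data sub-blocks (length byte, then payload; a zero length
 * byte terminates) from in[0..in_len) to eb.
 * Returns 0 on success, -1 on truncated input or allocation failure. */
int read_ext_subblocks(struct ext_buf *eb, const unsigned char *in, size_t in_len)
{
    size_t pos = 0;
    for (;;) {
        if (pos >= in_len) return -1;        /* terminator missing */
        size_t n = in[pos++];
        if (n == 0) return 0;                /* block terminator */
        if (n > in_len - pos) return -1;     /* payload truncated */
        if (eb->len + n > eb->cap) {
            size_t new_cap = eb->cap ? eb->cap : 16;
            while (new_cap < eb->len + n) new_cap *= 2;
            /* The bug class: a pointer such as eb->data + eb->len saved
             * before this call is stale if realloc moves the block. */
            unsigned char *p = realloc(eb->data, new_cap);
            if (p == NULL) return -1;        /* old block still owned by eb */
            eb->data = p;
            eb->cap = new_cap;
        }
        /* Derive the write position from the current base every time. */
        memcpy(eb->data + eb->len, in + pos, n);
        eb->len += n;
        pos += n;
    }
}

/* Constructed input: sub-blocks of 255 and 45 bytes, then a terminator.
 * Forces two reallocations; returns 1 if all 300 bytes were copied. */
int demo_two_blocks(void)
{
    unsigned char in[303];
    struct ext_buf eb = {0};
    memset(in, 0xAB, sizeof in);
    in[0] = 255; in[256] = 45; in[302] = 0;
    int rc = read_ext_subblocks(&eb, in, sizeof in);
    int ok = (rc == 0 && eb.len == 300 && eb.data[0] == 0xAB && eb.data[299] == 0xAB);
    free(eb.data);
    return ok;
}
```

Building this with -fsanitize=address is a practical way to confirm that no access goes through a freed block when the buffer grows.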
ppc stable
alpha stable
GLSA 200903-12