Bug 260265 (CVE-2009-0749)

Summary:	<media-gfx/optipng-0.6.2-r1 GIF memory reallocation (CVE-2009-0749)
Product:	Gentoo Security	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	tristan
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://optipng.sourceforge.net/
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---

Description Robert Buchholz (RETIRED) gentoo-dev

2009-02-25 16:22:11 UTC

Quoting http://optipng.sourceforge.net/:
All current OptiPNG versions are known to be vulnerable to memory reallocation attacks, due to a bug in the GIF image reader. (Many thanks to Roy Tam for the report, as well as the fix.) 

patch:
http://213.203.218.125/o/op/optipng/optipng-0.6.2.1.diff

Comment 1 Tristan Heaven (RETIRED) gentoo-dev

2009-02-25 17:31:26 UTC

Patched in 0.6.2-r1

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2009-02-25 17:37:12 UTC

Arches, please test and mark stable:
=media-gfx/optipng-0.6.2-r1
Target keywords : "alpha amd64 ppc x86"

Comment 3 Markus Meier gentoo-dev

2009-02-25 20:11:02 UTC

amd64/x86 stable

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2009-03-03 13:07:50 UTC

CVE-2009-0749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0749):
  Use-after-free vulnerability in the GIFReadNextExtension function in
  lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows
  context-dependent attackers to cause a denial of service (application
  crash) via a crafted GIF image that causes the realloc function to
  return a new pointer, which triggers memory corruption when the old
  pointer is accessed.

Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev

2009-03-04 20:23:11 UTC

ppc stable

Comment 6 Raúl Porcel (RETIRED) gentoo-dev

2009-03-06 16:27:27 UTC

alpha stable

Comment 7 Robert Buchholz (RETIRED) gentoo-dev

2009-03-09 13:07:14 UTC

GLSA 200903-12