FreeBSD : optipng -- use-after-free vulnerability (a8818f7f-9182-11e2-9bdf-d48564727302)

High Nessus Plugin ID 65848


The remote FreeBSD host is missing a security-related update.


Secunia reports :

A vulnerability has been reported in OptiPNG, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a use-after-free error related to the palette reduction functionality. No further information is currently available.

Success exploitation may allow execution of arbitrary code.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 65848

File Name: freebsd_pkg_a8818f7f918211e29bdfd48564727302.nasl

Version: $Revision: 1.2 $

Type: local

Published: 2013/04/08

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:optipng, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/03/21

Vulnerability Publication Date: 2012/09/16

Reference Information

CVE: CVE-2012-4432

Secunia: 50654