Published: 24/05/2018 Updated: 26/06/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

jpegoptim project jpegoptim 1.4.5

Github Repositories

UAF Fuzzing Benchmark

UAF Fuzzing Benchmark We create a fuzzing benchmark of Use-After-Free (UAF) and Double-Free (DF) bugs for our evaluations It includes recent bugs found by existing (directed) greybox fuzzers of real-world programs We provide scripts, Valgrind's stack traces as targets and initial seeds of each subject Please follow the instructions to install fuzzers like AFL(-QEMU), AF

UAF-Fuzzer-TestSuite Use-after-free testsuite used for fuzzing experiment Seed and POC in the Fuzzing folder 1 Elfutils 0173 [Detail Info] Bug type: double-free CVE ID: CVE-2018-16402 Download: ftp://sourcewareorg/pub/elfutils/0173/ Reproduce: /eu-nm $POC 2 Mini Xml v212 [Detail Info] Bug type: use-after-free CVE ID: CVE-2018-20592 Download: githubcom/michael