Published: 24/05/2018 Updated: 26/06/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jpegoptim project jpegoptim 1.4.5

UAF Fuzzing Benchmark

UAF Fuzzing Benchmark We create a fuzzing benchmark of Use-After-Free (UAF) and Double-Free (DF) bugs for our evaluations It includes recent bugs found by existing (directed) greybox fuzzers of real-world programs We provide scripts, Valgrind's stack traces as targets and initial seeds of each subject Please follow the instructions to install fuzzers like AFL(-QEMU), AF

UAF-Fuzzer-TestSuite Use-after-free testsuite used for fuzzing experiment Seed and POC in the Fuzzing folder 1 Elfutils 0173 [Detail Info] Bug type: double-free CVE ID: CVE-2018-16402 Download: ftp://sourcewareorg/pub/elfutils/0173/ Reproduce: /eu-nm $POC 2 Mini Xml v212 [Detail Info] Bug type: use-after-free CVE ID: CVE-2018-20592 Download: githubcom/michael

CWE-415 https://github.com/tjko/jpegoptim/issues/57 https://github.com/tjko/jpegoptim/blob/master/README https://nvd.nist.gov https://github.com/strongcourage/uafbench

CVE-2018-11416

Vulnerability Summary

Most Upvoted Vulmon Research Post

Github Repositories

References

Vulmon Search

About

Products

Connect