jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jpegoptim | Jpegoptim_project | 1.4.5 (including) | 1.4.5 (including) |
Jpegoptim | Ubuntu | artful | * |
Jpegoptim | Ubuntu | bionic | * |
Jpegoptim | Ubuntu | cosmic | * |
Jpegoptim | Ubuntu | disco | * |
Jpegoptim | Ubuntu | eoan | * |
Jpegoptim | Ubuntu | groovy | * |
Jpegoptim | Ubuntu | hirsute | * |
Jpegoptim | Ubuntu | impish | * |
Jpegoptim | Ubuntu | kinetic | * |
Jpegoptim | Ubuntu | lunar | * |
Jpegoptim | Ubuntu | mantic | * |
Jpegoptim | Ubuntu | trusty | * |
Jpegoptim | Ubuntu | trusty/esm | * |
Jpegoptim | Ubuntu | xenial | * |