FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libpgf -- use-after-free

Affected packages
libpgf <= 6.14.12

Details

VuXML ID 9a71953a-474a-11e5-adde-14dae9d210b8
Discovery 2015-08-08
Entry 2015-08-20
Modified 2015-08-26

Pengsu Cheng reports:

An use-after-free issue in Decoder.cpp was reported to upstream. The problem is due to lack of validation of ColorTableSize.

References

CVE Name CVE-2015-6673
URL http://seclists.org/oss-sec/2015/q3/404
URL https://sourceforge.net/p/libpgf/code/147/
URL https://sourceforge.net/p/libpgf/code/148/