Candidate: CVE-2015-7700
PublicDate: 2017-08-31 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7700
 https://pmt.sourceforge.io/pngcrush/ChangeLog.html
 https://sourceforge.net/p/pmt/news/2015/10/pngcrush-1787-released/
Description:
 Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush
 before 1.7.87 allows attackers to have unspecified impact via unknown
 vectors.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Brian Carpenter
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_pngcrush:
 upstream: https://sourceforge.net/p/pmt/code/ci/e8ae5a842e86324f0bee91f4d98245fddb8ea5dd
upstream_pngcrush: released (1.7.87)
precise/esm_pngcrush: DNE
trusty_pngcrush: ignored (out of standard support)
trusty/esm_pngcrush: needed
vivid/ubuntu-core_pngcrush: DNE
xenial_pngcrush: ignored (end of standard support, was needed)
zesty_pngcrush: ignored (reached end-of-life)
artful_pngcrush: ignored (reached end-of-life)
bionic_pngcrush: needed
cosmic_pngcrush: ignored (reached end-of-life)
disco_pngcrush: ignored (reached end-of-life)
eoan_pngcrush: not-affected (1.8.13-0.1)
focal_pngcrush: not-affected (1.8.13-0.1)
groovy_pngcrush: not-affected (1.8.13-0.1)
hirsute_pngcrush: not-affected (1.8.13-0.1)
impish_pngcrush: not-affected (1.8.13-0.1)
jammy_pngcrush: not-affected (1.8.13-0.1)
devel_pngcrush: not-affected (1.8.13-0.1)