tjko / jpegoptim

jpegoptim - utility to optimize/compress JPEG files
http://www.iki.fi/tjko/projects.html
GNU General Public License v3.0

A memory leak vulnerability in jpegoptim.c #44

Closed (bestshow closed 2 years ago)

bestshow commented 7 years ago

on RELEASE.1.4.4

I have found a memory leak vulnerability in jpegoptim.c: https://github.com/tjko/jpegoptim/blob/master/jpegoptim.c#L673

The pointer outbuffer was leaked.

tjko commented 7 years ago

What exactly is leaked? How is this vulnerability?

Yes, malloc() returns an "uninitialized" buffer, but that's OK, since we don't care what is there (it's just temp memory for writing the new JPEG file image)...

Dev-B-V-A commented 6 years ago

You have a problem with memory, which hasn't been removed. You should call free() for "outbuffer".
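
An added example, not part of the thread and not jpegoptim's code: the report and the last comment concern a malloc()'d outbuffer that never reaches free(), which is a separate question from the buffer's uninitialized contents. The functions below (optimize_leaky, optimize_fixed, the counting wrappers xmalloc/xfree) are hypothetical, and the early-return leak path is an assumption, since the page does not show which path is affected. Counting live allocations over a constructed batch makes the leak measurable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allocation counter: a nonzero value after a run means a leak. */
static long live_allocs = 0;
static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) live_allocs--; free(p); }
/* Accept only input that starts with the JPEG SOI marker (FF D8). */
static int is_jpeg(const unsigned char *s, size_t n) { return n >= 2 && s[0] == 0xFF && s[1] == 0xD8; }

/* Hypothetical per-file step with a leak on the rejection path (assumed). */
static int optimize_leaky(const unsigned char *src, size_t len) {
    unsigned char *outbuffer = xmalloc(len ? len : 1);
    if (!outbuffer) return -1;
    if (!is_jpeg(src, len)) return -1;   /* outbuffer is never freed here */
    memcpy(outbuffer, src, len);         /* stand-in for writing the new image */
    xfree(outbuffer);
    return 0;
}

/* Same step with a single exit that always releases the buffer. */
static int optimize_fixed(const unsigned char *src, size_t len) {
    int rc = -1;
    unsigned char *outbuffer = xmalloc(len ? len : 1);
    if (!outbuffer) return -1;
    if (!is_jpeg(src, len)) goto out;
    memcpy(outbuffer, src, len);
    rc = 0;
out:
    xfree(outbuffer);
    return rc;
}

/* Run one variant over a constructed batch; return buffers still allocated. */
static long leaked_after_batch(int (*step)(const unsigned char *, size_t)) {
    static const unsigned char good[] = {0xFF, 0xD8, 0xFF, 0xD9}; /* constructed */
    static const unsigned char bad[] = {'G', 'I', 'F', '8'};      /* constructed */
    live_allocs = 0;
    step(good, sizeof good);
    step(bad, sizeof bad);
    step(bad, sizeof bad);
    return live_allocs;
}

int main(void) {
    printf("leaky: %ld buffers still allocated\n", leaked_after_batch(optimize_leaky));
    printf("fixed: %ld buffers still allocated\n", leaked_after_batch(optimize_fixed));
    return 0;
}
```

In a long-running or batch process, each rejected input in the leaky variant keeps one buffer allocated until exit, which is why a missing free() is reported even when the buffer's contents do not matter.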