ID CVE-2019-7317
Summary png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
References
Vulnerable Configurations
  • cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 01-08-2019 - 17:15)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2019:1265
  • rhsa
    id RHSA-2019:1267
  • rhsa
    id RHSA-2019:1269
  • rhsa
    id RHSA-2019:1308
  • rhsa
    id RHSA-2019:1309
  • rhsa
    id RHSA-2019:1310
rpms
  • firefox-0:60.7.0-1.el7_6
  • firefox-0:60.7.0-1.el6_10
  • thunderbird-0:60.7.0-1.el7_6
  • thunderbird-0:60.7.0-1.el6_10
refmap via4
bugtraq
  • 20190417 [slackware-security] libpng (SSA:2019-107-01)
  • 20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update
  • 20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)
  • 20190523 [SECURITY] [DSA 4448-1] firefox-esr security update
  • 20190527 [SECURITY] [DSA 4451-1] thunderbird security update
debian
  • DSA-4435
  • DSA-4448
  • DSA-4451
misc
mlist
  • [debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update
  • [debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update
suse openSUSE-SU-2019:1484
ubuntu
  • USN-3962-1
  • USN-3991-1
  • USN-3997-1
Last major update 01-08-2019 - 17:15
Published 04-02-2019 - 08:29