CVE-2019-7317
MEDIUMlibpng 1.6.0-1.6.36 - Use-After-Free in png_image_free
Title source: llmDescription
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
References (42)
Core 42
Core References
Issue Tracking, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Apr/30
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4435
Issue Tracking, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Apr/36
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3962-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3991-1/
Issue Tracking, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/May/56
Issue Tracking, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/May/59
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4448
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1265
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1267
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1269
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4451
Issue Tracking, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/May/67
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3997-1/
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1310
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1308
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1309
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
Not Applicable, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108098
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4080-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4083-1/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201908-02
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2494
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2495
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2585
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2590
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2592
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2737
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Issue Tracking, Mailing List, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/glennrp/libpng/issues/275
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190719-0005/
Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Scores
CVSS v3
5.3
EPSS
0.0056
EPSS Percentile
68.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-416
Status
published
Products (45)
canonical/ubuntu_linux
16.04 (2 CPE variants)
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
canonical/ubuntu_linux
19.04
debian/debian_linux
8.0
debian/debian_linux
9.0
hp/xp7_command_view
< 8.7.0-00
hpe/xp7_command_view_advanced_edition_suite
< 8.7.0-00
libpng/libpng
1.6.0 - 1.6.37
mozilla/firefox
... and 35 more
Published
Feb 04, 2019
Tracked Since
Feb 18, 2026