Lucene search

[email protected]CVE-2019-7317

HistoryFeb 04, 2019 - 8:29 a.m.

CVE-2019-7317

2019-02-0408:29:00

CWE-416

[email protected]

web.nvd.nist.gov

472

cve-2019-7317

libpng

vulnerability

use-after-free

png.c

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.2%

JSON

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CPENameOperatorVersion
libpng:libpnglibpnglt1.6.37
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq9.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq16.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq19.04
oracle:jdkoracle jdkeq11.0.3
oracle:jdkoracle jdkeq12.0.1
oracle:java_seoracle java seeq8u212

CPE	Name	Operator	Version
libpng:libpng	libpng	lt	1.6.37
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	9.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	18.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	16.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	18.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	19.04
oracle:jdk	oracle jdk	eq	11.0.3
oracle:jdk	oracle jdk	eq	12.0.1
oracle:java_se	oracle java se	eq	8u212

Rows per page:

1-10 of 491

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html

packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html

www.securityfocus.com/bid/108098

access.redhat.com/errata/RHSA-2019:1265

access.redhat.com/errata/RHSA-2019:1267

access.redhat.com/errata/RHSA-2019:1269

access.redhat.com/errata/RHSA-2019:1308

access.redhat.com/errata/RHSA-2019:1309

access.redhat.com/errata/RHSA-2019:1310

access.redhat.com/errata/RHSA-2019:2494

access.redhat.com/errata/RHSA-2019:2495

access.redhat.com/errata/RHSA-2019:2585

access.redhat.com/errata/RHSA-2019:2590

access.redhat.com/errata/RHSA-2019:2592

access.redhat.com/errata/RHSA-2019:2737

bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803

github.com/glennrp/libpng/issues/275

lists.debian.org/debian-lts-announce/2019/05/msg00032.html

lists.debian.org/debian-lts-announce/2019/05/msg00038.html

seclists.org/bugtraq/2019/Apr/30

seclists.org/bugtraq/2019/Apr/36

seclists.org/bugtraq/2019/May/56

seclists.org/bugtraq/2019/May/59

seclists.org/bugtraq/2019/May/67

security.gentoo.org/glsa/201908-02

security.netapp.com/advisory/ntap-20190719-0005/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us

usn.ubuntu.com/3962-1/

usn.ubuntu.com/3991-1/

usn.ubuntu.com/3997-1/

usn.ubuntu.com/4080-1/

usn.ubuntu.com/4083-1/

www.debian.org/security/2019/dsa-4435

www.debian.org/security/2019/dsa-4448

www.debian.org/security/2019/dsa-4451

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.2%

JSON

CVE-2019-7317

References

Related