Lucene search

MitreCVE-2019-7317

HistoryFeb 04, 2019 - 8:29 a.m.

CVE-2019-7317

2019-02-0408:29:00

CWE-416

mitre

web.nvd.nist.gov

495

cve-2019-7317

libpng

vulnerability

use-after-free

png.c

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.005

Percentile

75.4%

JSON

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Affected configurations

Nvd

Node

libpnglibpngRange1.6.0–1.6.37

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch16.04

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

canonicalubuntu_linuxMatch19.04

Node

oraclehyperion_infrastructure_technologyMatch11.2.6.0

oraclejava_seMatch7u221

oraclejava_seMatch8u212

oraclejdkMatch11.0.3

oraclejdkMatch12.0.1

oraclemysqlRange<8.0.23

Node

hpxp7_command_viewRange<8.7.0-00advanced

hpexp7_command_view_advanced_edition_suiteRange<8.7.0-00

Node

mozillafirefox_esrMatch-

mozillathunderbirdMatch-

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

opensuseleapMatch42.3

Node

suselinux_enterpriseMatch12.0

AND

opensusepackage_hubMatch-

Node

netappactive_iq_unified_managerRange<9.6vmware_vsphere

netappactive_iq_unified_managerRange<9.6windows

netappactive_iq_unified_managerMatch9.6vmware_vsphere

netappactive_iq_unified_managerMatch9.6windows

netappcloud_backupMatch-

netappe-series_santricity_managementMatch-vcenter

netappe-series_santricity_storage_managerRange<11.53

netappe-series_santricity_unified_managerRange<3.2

netappe-series_santricity_web_servicesRange<4.0web_services_proxy

netapponcommand_insightRange<7.3.9

netapponcommand_workflow_automationRange<5.1

netappplug-in_for_symantec_netbackupMatch-

netappsnapmanagerRange<3.4.2oracle

netappsnapmanagerRange<3.4.2sap

netappsnapmanagerMatch3.4.2p1oracle

netappsnapmanagerMatch3.4.2p1sap

netappsteelstoreMatch-

Node

redhatsatelliteMatch5.8

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_for_ibm_z_systemsMatch6.0

redhatenterprise_linux_for_ibm_z_systemsMatch7.0

redhatenterprise_linux_for_ibm_z_systemsMatch8.0

redhatenterprise_linux_for_power_big_endianMatch6.0

redhatenterprise_linux_for_power_big_endianMatch7.0

redhatenterprise_linux_for_power_little_endianMatch7.0

redhatenterprise_linux_for_power_little_endianMatch8.0

redhatenterprise_linux_for_scientific_computingMatch6.0

redhatenterprise_linux_for_scientific_computingMatch7.0

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
libpnglibpng*cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.10cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
canonicalubuntu_linux19.04cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
oraclehyperion_infrastructure_technology11.2.6.0cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*
oraclejava_se7u221cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libpng	libpng	*	cpe:2.3:a:libpng:libpng::::::::
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::::::*
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	18.10	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
canonical	ubuntu_linux	19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
oracle	hyperion_infrastructure_technology	11.2.6.0	cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:::::::*
oracle	java_se	7u221	cpe:2.3:a:oracle:java_se:7u221:::::::*

Rows per page:

1-10 of 571

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html

packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html

www.securityfocus.com/bid/108098

access.redhat.com/errata/RHSA-2019:1265

access.redhat.com/errata/RHSA-2019:1267

access.redhat.com/errata/RHSA-2019:1269

access.redhat.com/errata/RHSA-2019:1308

access.redhat.com/errata/RHSA-2019:1309

access.redhat.com/errata/RHSA-2019:1310

access.redhat.com/errata/RHSA-2019:2494

access.redhat.com/errata/RHSA-2019:2495

access.redhat.com/errata/RHSA-2019:2585

access.redhat.com/errata/RHSA-2019:2590

access.redhat.com/errata/RHSA-2019:2592

access.redhat.com/errata/RHSA-2019:2737

bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803

github.com/glennrp/libpng/issues/275

lists.debian.org/debian-lts-announce/2019/05/msg00032.html

lists.debian.org/debian-lts-announce/2019/05/msg00038.html

seclists.org/bugtraq/2019/Apr/30

seclists.org/bugtraq/2019/Apr/36

seclists.org/bugtraq/2019/May/56

seclists.org/bugtraq/2019/May/59

seclists.org/bugtraq/2019/May/67

security.gentoo.org/glsa/201908-02

security.netapp.com/advisory/ntap-20190719-0005/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us

usn.ubuntu.com/3962-1/

usn.ubuntu.com/3991-1/

usn.ubuntu.com/3997-1/

usn.ubuntu.com/4080-1/

usn.ubuntu.com/4083-1/

www.debian.org/security/2019/dsa-4435

www.debian.org/security/2019/dsa-4448

www.debian.org/security/2019/dsa-4451

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.005

Percentile

75.4%

JSON

CVE-2019-7317

Affected configurations

References

Related