CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
75.4%
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Vendor | Product | Version | CPE |
---|---|---|---|
libpng | libpng | * | cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* |
debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
canonical | ubuntu_linux | 18.04 | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 18.10 | cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 19.04 | cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* |
oracle | hyperion_infrastructure_technology | 11.2.6.0 | cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:* |
oracle | java_se | 7u221 | cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
www.securityfocus.com/bid/108098
access.redhat.com/errata/RHSA-2019:1265
access.redhat.com/errata/RHSA-2019:1267
access.redhat.com/errata/RHSA-2019:1269
access.redhat.com/errata/RHSA-2019:1308
access.redhat.com/errata/RHSA-2019:1309
access.redhat.com/errata/RHSA-2019:1310
access.redhat.com/errata/RHSA-2019:2494
access.redhat.com/errata/RHSA-2019:2495
access.redhat.com/errata/RHSA-2019:2585
access.redhat.com/errata/RHSA-2019:2590
access.redhat.com/errata/RHSA-2019:2592
access.redhat.com/errata/RHSA-2019:2737
bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
github.com/glennrp/libpng/issues/275
lists.debian.org/debian-lts-announce/2019/05/msg00032.html
lists.debian.org/debian-lts-announce/2019/05/msg00038.html
seclists.org/bugtraq/2019/Apr/30
seclists.org/bugtraq/2019/Apr/36
seclists.org/bugtraq/2019/May/56
seclists.org/bugtraq/2019/May/59
seclists.org/bugtraq/2019/May/67
security.gentoo.org/glsa/201908-02
security.netapp.com/advisory/ntap-20190719-0005/
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
usn.ubuntu.com/3962-1/
usn.ubuntu.com/3991-1/
usn.ubuntu.com/3997-1/
usn.ubuntu.com/4080-1/
usn.ubuntu.com/4083-1/
www.debian.org/security/2019/dsa-4435
www.debian.org/security/2019/dsa-4448
www.debian.org/security/2019/dsa-4451
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuoct2021.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
75.4%