Lucene search

K
nvd[email protected]NVD:CVE-2019-7317
HistoryFeb 04, 2019 - 8:29 a.m.

CVE-2019-7317

2019-02-0408:29:00
CWE-416
web.nvd.nist.gov
6

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0.005

Percentile

75.4%

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Affected configurations

Nvd
Node
libpnglibpngRange1.6.01.6.37
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
canonicalubuntu_linuxMatch16.04
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch18.10
OR
canonicalubuntu_linuxMatch19.04
Node
oraclehyperion_infrastructure_technologyMatch11.2.6.0
OR
oraclejava_seMatch7u221
OR
oraclejava_seMatch8u212
OR
oraclejdkMatch11.0.3
OR
oraclejdkMatch12.0.1
OR
oraclemysqlRange<8.0.23
Node
hpxp7_command_viewRange<8.7.0-00advanced
OR
hpexp7_command_view_advanced_edition_suiteRange<8.7.0-00
Node
mozillafirefox_esrMatch-
OR
mozillathunderbirdMatch-
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
OR
opensuseleapMatch42.3
Node
suselinux_enterpriseMatch12.0
AND
opensusepackage_hubMatch-
Node
netappactive_iq_unified_managerRange<9.6vmware_vsphere
OR
netappactive_iq_unified_managerRange<9.6windows
OR
netappactive_iq_unified_managerMatch9.6vmware_vsphere
OR
netappactive_iq_unified_managerMatch9.6windows
OR
netappcloud_backupMatch-
OR
netappe-series_santricity_managementMatch-vcenter
OR
netappe-series_santricity_storage_managerRange<11.53
OR
netappe-series_santricity_unified_managerRange<3.2
OR
netappe-series_santricity_web_servicesRange<4.0web_services_proxy
OR
netapponcommand_insightRange<7.3.9
OR
netapponcommand_workflow_automationRange<5.1
OR
netappplug-in_for_symantec_netbackupMatch-
OR
netappsnapmanagerRange<3.4.2oracle
OR
netappsnapmanagerRange<3.4.2sap
OR
netappsnapmanagerMatch3.4.2p1oracle
OR
netappsnapmanagerMatch3.4.2p1sap
OR
netappsteelstoreMatch-
Node
redhatsatelliteMatch5.8
OR
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_for_ibm_z_systemsMatch6.0
OR
redhatenterprise_linux_for_ibm_z_systemsMatch7.0
OR
redhatenterprise_linux_for_ibm_z_systemsMatch8.0
OR
redhatenterprise_linux_for_power_big_endianMatch6.0
OR
redhatenterprise_linux_for_power_big_endianMatch7.0
OR
redhatenterprise_linux_for_power_little_endianMatch7.0
OR
redhatenterprise_linux_for_power_little_endianMatch8.0
OR
redhatenterprise_linux_for_scientific_computingMatch6.0
OR
redhatenterprise_linux_for_scientific_computingMatch7.0
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
VendorProductVersionCPE
libpnglibpng*cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.10cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
canonicalubuntu_linux19.04cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
oraclehyperion_infrastructure_technology11.2.6.0cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*
oraclejava_se7u221cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*
Rows per page:
1-10 of 571

References

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0.005

Percentile

75.4%