Veracode Vulnerability DatabaseVERACODE:13707Denial Of Service (DoS)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
libpng is vulnerable to denial of service. Invoking png_image_free under png_safe_execute results in a use-after-free bug that causes the application to crash or allow arbitrary code execution.
References
lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
www.securityfocus.com/bid/108098
access.redhat.com/errata/RHSA-2019:1265
access.redhat.com/errata/RHSA-2019:1267
access.redhat.com/errata/RHSA-2019:1269
access.redhat.com/errata/RHSA-2019:1308
access.redhat.com/errata/RHSA-2019:1309
access.redhat.com/errata/RHSA-2019:1310
access.redhat.com/errata/RHSA-2019:2494
access.redhat.com/errata/RHSA-2019:2495
access.redhat.com/errata/RHSA-2019:2585
access.redhat.com/errata/RHSA-2019:2590
access.redhat.com/errata/RHSA-2019:2592
access.redhat.com/errata/RHSA-2019:2737
bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
github.com/glennrp/libpng/issues/275
lists.debian.org/debian-lts-announce/2019/05/msg00032.html
lists.debian.org/debian-lts-announce/2019/05/msg00038.html
seclists.org/bugtraq/2019/Apr/30
seclists.org/bugtraq/2019/Apr/36
seclists.org/bugtraq/2019/May/56
seclists.org/bugtraq/2019/May/59
seclists.org/bugtraq/2019/May/67
security.gentoo.org/glsa/201908-02
security.netapp.com/advisory/ntap-20190719-0005/
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
usn.ubuntu.com/3962-1/
usn.ubuntu.com/3991-1/
usn.ubuntu.com/3997-1/
usn.ubuntu.com/4080-1/
usn.ubuntu.com/4083-1/
www.debian.org/security/2019/dsa-4435
www.debian.org/security/2019/dsa-4448
www.debian.org/security/2019/dsa-4451
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuoct2021.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P