CVE-2019-7317

MEDIUMMonitor

Published:Feb 4, 2019(7 years ago)

Modified:Nov 21, 2024

Remote ExploitNo Auth Required

Vulnerability Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Attack Characteristics

Network AccessHigh ComplexityNo Auth NeededUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
libpng	libpng	1.6.0 - 1.6.37	-
debian	debian_linux	-	-
debian	debian_linux	-

Timeline

Published
CVE disclosed publicly
Feb 4, 20197 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://www.debian.org/security/2019/dsa-4435Third Party Advisory
https://www.debian.org/security/2019/dsa-4448Third Party Advisory
https://www.debian.org/security/2019/dsa-4451Third Party Advisory

CVSS Score

v3.1

5.3/ 10.0

MEDIUM

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

At a Glance

Affected Products

References

libpng / libpng

https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-507283...Patch

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002....Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044....Mailing List

http://packetstormsecurity.com/files/152561/Slackware-Security-Advisor...Third Party Advisory

http://www.securityfocus.com/bid/108098Not Applicable

https://access.redhat.com/errata/RHSA-2019:1265Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1267Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1269Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1308Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1309Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1310Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2494Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2495Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2585Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2590Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2592Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2737Third Party Advisory

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803Issue Tracking

https://github.com/glennrp/libpng/issues/275Exploit

https://lists.debian.org/debian-lts-announce/2019/05/msg00032.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/05/msg00038.htmlMailing List

https://seclists.org/bugtraq/2019/Apr/30Issue Tracking

https://seclists.org/bugtraq/2019/Apr/36Issue Tracking

https://seclists.org/bugtraq/2019/May/56Issue Tracking

https://seclists.org/bugtraq/2019/May/59Issue Tracking

https://seclists.org/bugtraq/2019/May/67Issue Tracking

https://security.gentoo.org/glsa/201908-02Third Party Advisory

https://security.netapp.com/advisory/ntap-20190719-0005/Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=...Third Party Advisory

https://usn.ubuntu.com/3962-1/Third Party Advisory

https://usn.ubuntu.com/3991-1/Third Party Advisory

https://usn.ubuntu.com/3997-1/Third Party Advisory

https://www.debian.org/security/2019/dsa-4435Third Party Advisory

https://www.debian.org/security/2019/dsa-4448Third Party Advisory

https://www.debian.org/security/2019/dsa-4451Third Party Advisory