exploitDog

CVE-2019-7317

Published: 04 Feb 2019
Source: debian

Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

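Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libpng1.6 | fixed | 1.6.36-4 | | package |
| libpng | removed | | | package |
| libpng | not-affected | | jessie | package |
| firefox | fixed | 67.0-1 | experimental | package |
| firefox | fixed | 67.0-2 | | package |
| firefox-esr | fixed | 60.7.0esr-1 | | package |
| thunderbird | fixed | 1:60.7.0-1 | | package |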

Notes

  • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803

  • https://github.com/glennrp/libpng/issues/275

  • https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-7317

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-7317

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 6 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSS3: 5.3
redhat
more than 6 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSS3: 5.3
nvd
more than 6 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSS3: 5.3
msrc
5 months ago

No description available

CVSS3: 5.3
github
more than 3 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.