CVE-2019-6129

Опубликовано: 11 янв. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.

Ссылки

https://github.com/glennrp/libpng/issues/269
Exploit
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://github.com/glennrp/libpng/issues/269
Exploit
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00284

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-401

Связанные уязвимости

CVE-2019-6129

CVSS3: 6.5

ubuntu

около 7 лет назад

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.

CVE-2019-6129

CVSS3: 3.3

redhat

около 7 лет назад

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.

CVE-2019-6129

CVSS3: 6.5

debian

около 7 лет назад

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as ...

GHSA-rrr4-g4q4-hgr3

CVSS3: 6.5

github

больше 3 лет назад

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

BDU:2019-04779

CVSS3: 6.5

fstec

около 7 лет назад

Уязвимость функции png_create_info_struct библиотеки для работы с растровой графикой в формате PNG libpng, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 51%

0.00284

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-401