Описание
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Ссылки
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Not ApplicableThird Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingMailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.6.0 (включая) до 1.6.37 (исключая)
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Конфигурация 4Версия до 8.0.23 (исключая)
Одно из
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*
cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Конфигурация 5Версия до 8.7.0-00 (исключая)Версия до 8.7.0-00 (исключая)
Одно из
cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*
cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*
Конфигурация 6
Одно из
cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
Конфигурация 7
Одно из
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Конфигурация 8
Одновременно
cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
Конфигурация 9Версия до 9.6 (исключая)Версия до 9.6 (исключая)Версия до 11.53 (исключая)Версия до 3.2 (исключая)Версия до 4.0 (исключая)Версия до 7.3.9 (исключая)Версия до 5.1 (исключая)Версия до 3.4.2 (исключая)Версия до 3.4.2 (исключая)
Одно из
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*
cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*
cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*
Конфигурация 10
Одно из
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00576
Низкий
5.3 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-416
Связанные уязвимости
CVSS3: 5.3
ubuntu
больше 6 лет назад
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVSS3: 5.3
redhat
больше 6 лет назад
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVSS3: 5.3
debian
больше 6 лет назад
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...
CVSS3: 5.3
github
больше 3 лет назад
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
EPSS
Процентиль: 68%
0.00576
Низкий
5.3 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-416