CVE-2019-7317

Published: 25 Jan 2019
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

A vulnerability was found in libpng where a use-after-free issue exists in the png_image_free function within png.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.

Report

In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libpng | Not affected | | |
| Red Hat Enterprise Linux 6 | libpng | Not affected | | |
| Red Hat Enterprise Linux 7 | libpng | Not affected | | |
| Red Hat Enterprise Linux 7 | libpng12 | Not affected | | |
| Red Hat Enterprise Linux 8 | libpng | Fix deferred | | |
| Red Hat Enterprise Linux 8 | libpng12 | Not affected | | |
| Red Hat Enterprise Linux 8 | mingw-libpng | Fix deferred | | |
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2019:1267 | 23.05.2019 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2019:1310 | 03.06.2019 |
| Red Hat Enterprise Linux 6 Supplementary | java-1.7.1-ibm | Fixed | RHSA-2019:2494 | 15.08.2019 |

Additional information

Status: Low
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1672409 (libpng: use-after-free in png_image_free in png.c)

EPSS: 0.00565 (Low), percentile: 68%
CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 7 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSS3: 5.3
nvd
about 7 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSS3: 5.3
msrc
about 1 year ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSS3: 5.3
debian
about 7 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...

CVSS3: 5.3
github
almost 4 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
