CVE-2019-7317

Published: 25 Jan 2019
Source: redhat
CVSS3: 5.3

Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Report

In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libpng | Not affected | | |
| Red Hat Enterprise Linux 6 | libpng | Not affected | | |
| Red Hat Enterprise Linux 7 | libpng | Not affected | | |
| Red Hat Enterprise Linux 7 | libpng12 | Not affected | | |
| Red Hat Enterprise Linux 8 | libpng | Fix deferred | | |
| Red Hat Enterprise Linux 8 | libpng12 | Not affected | | |
| Red Hat Enterprise Linux 8 | mingw-libpng | Fix deferred | | |
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2019:1267 | 23.05.2019 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2019:1310 | 03.06.2019 |
| Red Hat Enterprise Linux 6 Supplementary | java-1.7.1-ibm | Fixed | RHSA-2019:2494 | 15.08.2019 |

Additional information

Status: Low
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1672409 libpng: use-after-free in png_image_free in png.c

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 7 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSS3: 5.3
nvd
about 7 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSS3: 5.3
msrc
11 months ago

No description available

CVSS3: 5.3
debian
about 7 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...

CVSS3: 5.3
github
almost 4 years ago

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.