2.6
CVSSv2

CVE-2019-7317

Published: 04/02/2019 Updated: 18/04/2019
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 241
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.

Vulnerability Trend

Affected Products

Vendor Product Versions
LibpngLibpng1.6.36

Vendor Advisories

png_image_free in pngc in libpng 1636 has a use-after-free because png_image_free_function is called under png_safe_execute ...
Arch Linux Security Advisory ASA-201904-10 ========================================== Severity: Low Date : 2019-04-24 CVE-ID : CVE-2019-7317 Package : libpng Type : denial of service Remote : No Link : securityarchlinuxorg/AVG-868 Summary ======= The package libpng before version 1636-2 is vulnerable to denial of service ...
png_image_free in pngc in libpng 1636 has a use-after-free because png_image_free_function is called under png_safe_execute ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libpng (SSA:2019-107-01) New libpng packages are available for Slackware 142 and -current to fix security issues Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/libpng-1637-i586-1_slack142txz: Upgraded This update ...