Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2019-7317

Published: 04/02/2019 Updated: 23/05/2022
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Subscribe to Libpng

Vulnerability Summary

png_image_free in png.c in libpng 1.6.x prior to 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libpng libpng

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 18.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.10

canonical ubuntu linux 19.04

oracle jdk 11.0.3

oracle jdk 12.0.1

oracle java se 8u212

oracle java se 7u221

oracle mysql

oracle hyperion infrastructure technology 11.2.6.0

hpe xp7 command view advanced edition suite

hp xp7 command view

mozilla thunderbird -

mozilla firefox esr -

opensuse leap 42.3

opensuse leap 15.0

opensuse leap 15.1

opensuse package_hub -

netapp cloud backup -

netapp steelstore -

netapp e-series santricity management -

netapp snapmanager

netapp plug-in for symantec netbackup -

netapp snapmanager 3.4.2

netapp active iq unified manager 9.6

netapp active iq unified manager

netapp e-series santricity storage manager

netapp e-series santricity unified manager

netapp e-series santricity web services

netapp oncommand insight

netapp oncommand workflow automation

redhat enterprise linux desktop 7.0

redhat enterprise linux for scientific computing 6.0

redhat enterprise linux workstation 7.0

redhat enterprise linux for scientific computing 7.0

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux for ibm z systems 6.0

redhat enterprise linux for power little endian 7.0

redhat enterprise linux desktop 6.0

redhat enterprise linux for power big endian 6.0

redhat satellite 5.8

redhat enterprise linux 8.0

redhat enterprise linux for ibm z systems 7.0

redhat enterprise linux for ibm z systems 8.0

redhat enterprise linux for power big endian 7.0

redhat enterprise linux for power little endian 8.0

redhat enterprise linux workstation 6.0

Vendor Advisories

Debian CVElist Bug Report Logs: libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.c
Debian Bug report logs - #921355 libpng16: CVE-2019-7317: use-after-free in png_image_free in pngc Package: src:libpng16; Maintainer for src:libpng16 is Maintainers of libpng16 packages <libpng16@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 4 Feb 2019 16:33:02 UTC Seve ...
Ubuntu Security Notice: firefox regression
USN-3991-2 caused a regression in Firefox ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: firefox regression
USN-3991-1 caused a regression in Firefox ...
Ubuntu Security Notice: libpng1.6 vulnerability
libpng be made to crash or run programs if it opened a specially crafted file ...
Ubuntu Security Notice: openjdk-lts vulnerabilities
Several security issues were fixed in OpenJDK 11 ...
Ubuntu Security Notice: openjdk-8 vulnerabilities
Several security issues were fixed in OpenJDK ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Debian Security Advisories: DSA-4451-1 thunderbird -- security update
Multiple security issues have been found in Thunderbird: Multiple vulnerabilities may lead to the execution of arbitrary code or denial of service For the stable distribution (stretch), these problems have been fixed in version 1:6070-1~deb9u1 We recommend that you upgrade your thunderbird packages For the detailed security status of thunderbi ...
Debian Security Advisories: DSA-4435-1 libpng1.6 -- security update
A use-after-free vulnerability was discovered in the png_image_free() function in the libpng PNG library, which could lead to denial of service or potentially the execution of arbitrary code if a malformed image is processed For the stable distribution (stretch), this problem has been fixed in version 1628-1+deb9u1 We recommend that you upgrade ...
Debian Security Advisories: DSA-4448-1 firefox-esr -- security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code For the stable distribution (stretch), these problems have been fixed in version 6070esr-1~deb9u1 We recommend that you upgrade your firefox-esr packages For the detailed security status of firefox-esr ...
Red Hat: Important: java-1.7.1-ibm security update
Synopsis Important: java-171-ibm security update Type/Severity Security Advisory: Important Topic An update for java-171-ibm is now available for Red Hat Enterprise Linux 7 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Red Hat: Important: java-1.8.0-ibm security update
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 7 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Red Hat: Important: java-1.8.0-ibm security update
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: java-1.8.0-ibm security update
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Red Hat: Important: java-1.8.0-ibm security update
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Satellite 58Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...
Red Hat: Important: java-1.7.1-ibm security update
Synopsis Important: java-171-ibm security update Type/Severity Security Advisory: Important Topic An update for java-171-ibm is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Amazon Linux 2: ALAS2-2019-1229
Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element This vul ...
Amazon Linux 2: ALAS2-2019-1246
OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) libpng: png_image_free in pngc in libpng has a use-after-free because png_image_free_function is called under png_safe_execute (CVE- ...
Red Hat: CVE-2019-7317
png_image_free in pngc in libpng 1636 has a use-after-free because png_image_free_function is called under png_safe_execute ...
Arch Linux Issues:
png_image_free in pngc in libpng 1636 has a use-after-free because png_image_free_function is called under png_safe_execute ...
Mozilla: Security vulnerabilities fixed in Thunderbird 60.7
Mozilla Foundation Security Advisory 2019-15 Security vulnerabilities fixed in Thunderbird 607 Announced May 21, 2019 Impact high Products Thunderbird Fixed in Thunderbird 607 ...
Mozilla: Security vulnerabilities fixed in Firefox ESR 60.7
Mozilla Foundation Security Advisory 2019-14 Security vulnerabilities fixed in Firefox ESR 607 Announced May 21, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 607 ...
Mozilla: Security vulnerabilities fixed in Firefox 67
Mozilla Foundation Security Advisory 2019-13 Security vulnerabilities fixed in Firefox 67 Announced May 21, 2019 Impact critical Products Firefox Fixed in Firefox 67 ...
Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager and Hitachi Infrastructure Analytics Advisor
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager and Hitachi Infrastructure Analytics Advisor CVE-2019-2745, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842, CVE-2019-7317 Affected products and versions are listed below Please ...
Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus
Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2019-2745, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842, CVE-2019-7317 Affected products and versions are listed below Please upgrade your version to the appropriate version These ...

References

CWE-416https://github.com/glennrp/libpng/issues/275https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803https://seclists.org/bugtraq/2019/Apr/30http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.htmlhttps://www.debian.org/security/2019/dsa-4435https://seclists.org/bugtraq/2019/Apr/36https://usn.ubuntu.com/3962-1/https://usn.ubuntu.com/3991-1/https://seclists.org/bugtraq/2019/May/56https://seclists.org/bugtraq/2019/May/59https://www.debian.org/security/2019/dsa-4448https://lists.debian.org/debian-lts-announce/2019/05/msg00032.htmlhttps://access.redhat.com/errata/RHSA-2019:1265https://access.redhat.com/errata/RHSA-2019:1269https://access.redhat.com/errata/RHSA-2019:1267https://www.debian.org/security/2019/dsa-4451https://seclists.org/bugtraq/2019/May/67https://lists.debian.org/debian-lts-announce/2019/05/msg00038.htmlhttps://usn.ubuntu.com/3997-1/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.htmlhttps://access.redhat.com/errata/RHSA-2019:1310https://access.redhat.com/errata/RHSA-2019:1309https://access.redhat.com/errata/RHSA-2019:1308http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.htmlhttp://www.securityfocus.com/bid/108098https://security.netapp.com/advisory/ntap-20190719-0005/https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://usn.ubuntu.com/4080-1/https://usn.ubuntu.com/4083-1/https://security.gentoo.org/glsa/201908-02https://access.redhat.com/errata/RHSA-2019:2494https://access.redhat.com/errata/RHSA-2019:2495http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.htmlhttps://access.redhat.com/errata/RHSA-2019:2585https://access.redhat.com/errata/RHSA-2019:2590https://access.redhat.com/errata/RHSA-2019:2592https://access.redhat.com/errata/RHSA-2019:2737https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_ushttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355https://nvd.nist.govhttps://usn.ubuntu.com/3991-3/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook