5.3

CVE-2019-7317

Exploit

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Data provided by the National Vulnerability Database (NVD)
Libpng: Libpng, Version >= 1.6.0 < 1.6.37
Debian: Debian Linux, Version 8.0
Debian: Debian Linux, Version 9.0
Canonical: Ubuntu Linux, Version 16.04
Canonical: Ubuntu Linux, Version 16.04, SwEdition esm
Canonical: Ubuntu Linux, Version 18.04, SwEdition lts
Canonical: Ubuntu Linux, Version 18.10
Canonical: Ubuntu Linux, Version 19.04
Oracle: Java Se, Version 7u221
Oracle: Java Se, Version 8u212
Oracle: Jdk, Version 11.0.3
Oracle: Jdk, Version 12.0.1
Oracle: Mysql, Version < 8.0.23
Hp: Xp7 Command View, SwEdition advanced, Version < 8.7.0-00
Mozilla: Firefox, Version -
Mozilla: Thunderbird, Version -
Opensuse: Leap, Version 15.0
Opensuse: Leap, Version 15.1
Opensuse: Leap, Version 42.3
Opensuse: Package Hub, Version -
Suse: Linux Enterprise, Version 12.0
Netapp: Active Iq Unified Manager, SwPlatform vmware_vsphere, Version < 9.6
Netapp: Active Iq Unified Manager, SwPlatform windows, Version < 9.6
Netapp: Active Iq Unified Manager, Version 9.6, SwPlatform vmware_vsphere
Netapp: Active Iq Unified Manager, Version 9.6, SwPlatform windows
Netapp: Cloud Backup, Version -
Netapp: E-series Santricity Management, Version -, SwPlatform vcenter
Netapp: E-series Santricity Web Services, SwPlatform web_services_proxy, Version < 4.0
Netapp: Oncommand Insight, Version < 7.3.9
Netapp: Snapmanager, SwPlatform oracle, Version < 3.4.2
Netapp: Snapmanager, SwPlatform sap, Version < 3.4.2
Netapp: Snapmanager, Version 3.4.2, Update p1, SwPlatform oracle
Netapp: Snapmanager, Version 3.4.2, Update p1, SwPlatform sap
Netapp: Steelstore, Version -
Redhat: Satellite, Version 5.8
Redhat: Enterprise Linux, Version 6.0
Redhat: Enterprise Linux, Version 7.0
Redhat: Enterprise Linux, Version 8.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.99% | 0.762
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 5.3 | 1.6 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov | 2.6 | 4.9 | 2.9 | AV:N/AC:H/Au:N/C:N/I:N/A:P
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://seclists.org/bugtraq/2019/Apr/30 (Third Party Advisory, Mailing List, Issue Tracking)
http://www.securityfocus.com/bid/108098 (Third Party Advisory, VDB Entry, Not Applicable)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803 (Third Party Advisory, Mailing List, Issue Tracking)
https://github.com/glennrp/libpng/issues/275 (Third Party Advisory, Exploit, Issue Tracking)
https://seclists.org/bugtraq/2019/Apr/36 (Third Party Advisory, Mailing List, Issue Tracking)
https://seclists.org/bugtraq/2019/May/56 (Third Party Advisory, Mailing List, Issue Tracking)
https://seclists.org/bugtraq/2019/May/59 (Third Party Advisory, Mailing List, Issue Tracking)
https://seclists.org/bugtraq/2019/May/67 (Third Party Advisory, Mailing List, Issue Tracking)
https://usn.ubuntu.com/3962-1/ (Third Party Advisory)
https://usn.ubuntu.com/3991-1/ (Third Party Advisory)
https://usn.ubuntu.com/3997-1/ (Third Party Advisory)
https://usn.ubuntu.com/4080-1/ (Third Party Advisory)
https://usn.ubuntu.com/4083-1/ (Third Party Advisory)