CVE-2019-7317
CVE information
Description
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVSSv2.0 Score
- Severity: Low
- Base Score: 2.6/10
- Exploit Score: 4.9/10
- Access Vector: Network
- Access Complexity: High
- Authentication Required: None
- Impact Score: 2.9/10
- Confidentiality Impact: None
- Availability Impact: Partial
- Integrity Impact: None
CVSSv3.1 Score
- Severity: Medium
- Base Score: 5.3/10
- Exploit Score: 1.6/10
- Access Vector: Network
- Access Complexity: High
- Privileges Required: None
- Impact Score: 3.6/10
- Confidentiality Impact: None
- Availability Impact: High
- Integrity Impact: None
- Scope: Unchanged
- User Interaction: Required
Products Affected
CPE | Affected | Vulnerable | Excluding |
---|---|---|---|
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* | Yes | 1.6.0 | 1.6.37 |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* | Yes | - | - |
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* | Yes | - | 8.0.23 |
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0 | Yes | - | - |
cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*: | Yes | - | 8.7.0-00 |
cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:* | Yes | - | 8.7.0-00 |
cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vc | Yes | - | - |
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:* | Yes | - | 3.4.2 |
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:* | Yes | - | 3.4.2 |
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:* | Yes | - | - |
cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:* | Yes | - | - |
cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmwar | Yes | - | - |
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_ | Yes | - | 9.6 |
cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:* | Yes | - | 11.53 |
cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:* | Yes | - | 7.3.9 |
cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:* | Yes | - | 3.2 |
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows | Yes | - | 9.6 |
cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windo | Yes | - | - |
cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:* | Yes | - | 5.1 |
cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*: | Yes | - | 4.0 |
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6 | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*: | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7 | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*: | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7. | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*: | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*: | Yes | - | - |
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8. | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*: | Yes | - | - |
References
- https://github.com/glennrp/libpng/issues/275
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
- https://seclists.org/bugtraq/2019/Apr/30
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.h
- https://www.debian.org/security/2019/dsa-4435
- https://seclists.org/bugtraq/2019/Apr/36
- https://usn.ubuntu.com/3962-1/
- https://usn.ubuntu.com/3991-1/
- https://seclists.org/bugtraq/2019/May/56
- https://seclists.org/bugtraq/2019/May/59
- https://www.debian.org/security/2019/dsa-4448
- https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html
- https://access.redhat.com/errata/RHSA-2019:1265
- https://access.redhat.com/errata/RHSA-2019:1269
- https://access.redhat.com/errata/RHSA-2019:1267
- https://www.debian.org/security/2019/dsa-4451
- https://seclists.org/bugtraq/2019/May/67
- https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
- https://usn.ubuntu.com/3997-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
- https://access.redhat.com/errata/RHSA-2019:1310
- https://access.redhat.com/errata/RHSA-2019:1309
- https://access.redhat.com/errata/RHSA-2019:1308
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
- http://www.securityfocus.com/bid/108098
- https://security.netapp.com/advisory/ntap-20190719-0005/
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://usn.ubuntu.com/4080-1/
- https://usn.ubuntu.com/4083-1/
- https://security.gentoo.org/glsa/201908-02
- https://access.redhat.com/errata/RHSA-2019:2494
- https://access.redhat.com/errata/RHSA-2019:2495
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
- https://access.redhat.com/errata/RHSA-2019:2585
- https://access.redhat.com/errata/RHSA-2019:2590
- https://access.redhat.com/errata/RHSA-2019:2592
- https://access.redhat.com/errata/RHSA-2019:2737
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst0397
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html