CVE-2019-7317

CVE information

Published: 5 years ago

Last Modified: 1 year ago

CVSSv2.0 Severity: Low

CVSSv3.1 Severity: Medium

Impact Analysis

Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSSv2.0 Score

Severity: Low
Base Score: 2.6/10
Exploit Score: 4.9/10
Access Vector: Network
Access Complexity: High
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: Partial
Integrity Impact: None

CVSSv3.1 Score

Severity: Medium
Base Score: 5.3/10
Exploit Score: 1.6/10
Access Vector: Network
Access Complexity: High
Privileges Required: None
Impact Score: 3.6/10
Confidentiality Impact: None
Availability Impact: High
Integrity Impact: None
Scope: Unchanged
User Interaction: Required

Products Affected

CPE Affected  Vulnerable  Excluding
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*  Yes  1.6.0 1.6.37
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*  Yes  - -
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*  Yes  - -
cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*  Yes  - 8.0.23
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0  Yes  - -
cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:  Yes  - 8.7.0-00
cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*  Yes  - 8.7.0-00
cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vc  Yes  - -
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*  Yes  - 3.4.2
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*  Yes  - 3.4.2
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:  Yes  - -
cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*  Yes  - -
cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*  Yes  - -
cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmwar  Yes  - -
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_  Yes  - 9.6
cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*  Yes  - 11.53
cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*  Yes  - 7.3.9
cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*  Yes  - 3.2
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows  Yes  - 9.6
cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windo  Yes  - -
cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*  Yes  - 5.1
cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:  Yes  - 4.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7  Yes  - -
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:  Yes  - -
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.  Yes  - -
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:  Yes  - -

References