Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Required

Privileges Required

None

Attack Vector

Network

0

CVE-2019-7317

Disclosure Date: February 04, 2019 •

CVE-2019-7317 CVSS v3 Base Score: 5.3

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.3 Medium

Impact Score:

3.6

Exploitability Score:

1.6

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

Products

References

Canonical

CVE-2019-7317 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317)

BID-108098 (http://www.securityfocus.com/bid/108098)

Advisory

20190417 [slackware-security] libpng (SSA:2019-107-01) (https://seclists.org/bugtraq/2019/Apr/30)

DSA-4435 (https://www.debian.org/security/2019/dsa-4435)

20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update (https://seclists.org/bugtraq/2019/Apr/36)

USN-3962-1 (https://usn.ubuntu.com/3962-1)

USN-3991-1 (https://usn.ubuntu.com/3991-1)

20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01) (https://seclists.org/bugtraq/2019/May/56)

20190523 [SECURITY] [DSA 4448-1] firefox-esr security update (https://seclists.org/bugtraq/2019/May/59)

DSA-4448 (https://www.debian.org/security/2019/dsa-4448)

[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update (https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html)

https://access.redhat.com/errata/RHSA-2019:1265

https://access.redhat.com/errata/RHSA-2019:1267

https://access.redhat.com/errata/RHSA-2019:1269

DSA-4451 (https://www.debian.org/security/2019/dsa-4451)

20190527 [SECURITY] [DSA 4451-1] thunderbird security update (https://seclists.org/bugtraq/2019/May/67)

[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update (https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html)

USN-3997-1 (https://usn.ubuntu.com/3997-1)

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html

https://access.redhat.com/errata/RHSA-2019:1310

https://access.redhat.com/errata/RHSA-2019:1308

https://access.redhat.com/errata/RHSA-2019:1309

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html

https://security.netapp.com/advisory/ntap-20190719-0005

USN-4080-1 (https://usn.ubuntu.com/4080-1)

USN-4083-1 (https://usn.ubuntu.com/4083-1)

GLSA-201908-02 (https://security.gentoo.org/glsa/201908-02)

https://access.redhat.com/errata/RHSA-2019:2494

https://access.redhat.com/errata/RHSA-2019:2495

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html

https://access.redhat.com/errata/RHSA-2019:2585

https://access.redhat.com/errata/RHSA-2019:2590

https://access.redhat.com/errata/RHSA-2019:2592

https://access.redhat.com/errata/RHSA-2019:2737

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us

USN-3962-1 (https://usn.ubuntu.com/3962-1/)

USN-3991-1 (https://usn.ubuntu.com/3991-1/)

USN-3997-1 (https://usn.ubuntu.com/3997-1/)

https://security.netapp.com/advisory/ntap-20190719-0005/

USN-4080-1 (https://usn.ubuntu.com/4080-1/)

USN-4083-1 (https://usn.ubuntu.com/4083-1/)

Miscellaneous

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803

https://github.com/glennrp/libpng/issues/275

http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/security-alerts/cpuoct2021.html

Rapid7

Technical Analysis