PT-2019-3289 · Libpng Development Team+7 · Libpng+7

Publicado

2019-01-25

·

Atualizado

2026-04-14

·

CVE-2019-7317

CVSS v3.1

5.3

Média

VetorAV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions libpng versions 1.6.x before 1.6.37
Description The issue is related to a use-after-free vulnerability in the png image free function, which can be exploited by a remote attacker to cause a denial of service. This occurs because the destructor png image free function is called on freed data. The vulnerability can be triggered using a specially crafted image.
Recommendations For libpng versions 1.6.x before 1.6.37, update to version 1.6.37 or later to resolve the issue. As a temporary workaround, consider restricting the use of the png image free function until a patch is available. Avoid using the png image free function under png safe execute to minimize the risk of exploitation.

Exploit

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2019-1941
ALT-PU-2019-2547
ALT-PU-2021-1338
ALT-PU-2021-2380
ALT-PU-2021-3668
AZL-45210
AZL-45288
BDU:2019-03330
CESA-2019_1265
CESA-2019_1267
CESA-2019_1269
CESA-2019_1308
CESA-2019_1309
CESA-2019_1310
CESA-2019_2590
CLEANSTART-2026-NJ21771
CVE-2019-7317
DLA-1800-1
DLA-1806-1
DSA-4435-1
DSA-4448-1
DSA-4451-1
MGASA-2019-0126
MGASA-2019-0190
MGASA-2019-0191
OPENSUSE-SU-2019:1530-1
OPENSUSE-SU-2019:1534-1
OPENSUSE-SU-2019:1664-1
OPENSUSE-SU-2019:1912-1
OPENSUSE-SU-2019:1916-1
OPENSUSE-SU-2019_1484-1
OPENSUSE-SU-2019_1530-1
OPENSUSE-SU-2019_1534-1
OPENSUSE-SU-2019_1912-1
OPENSUSE-SU-2019_1916-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10876-1
OPENSUSE-SU-2024:10972-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:1265
RHSA-2019:1267
RHSA-2019:1269
RHSA-2019:1308
RHSA-2019:1309
RHSA-2019:1310
RHSA-2019:2494
RHSA-2019:2495
RHSA-2019:2585
RHSA-2019:2590
RHSA-2019:2592
RHSA-2019:2737
RHSA-2019_1265
RHSA-2019_1267
RHSA-2019_1269
RHSA-2019_1308
RHSA-2019_1309
RHSA-2019_1310
RHSA-2019_2494
RHSA-2019_2495
RHSA-2019_2585
RHSA-2019_2590
RHSA-2019_2592
SUSE-SU-2019:1388-1
SUSE-SU-2019:1398-1
SUSE-SU-2019:1398-2
SUSE-SU-2019:1405-1
SUSE-SU-2019:14160-1
SUSE-SU-2019:14188-1
SUSE-SU-2019:1458-1
SUSE-SU-2019:2002-1
SUSE-SU-2019:2021-1
SUSE-SU-2019:2028-1
SUSE-SU-2019:2036-1
SUSE-SU-2019:2036-2
SUSE-SU-2019:2291-1
SUSE-SU-2019:2336-1
SUSE-SU-2019:2371-1
SUSE-SU-2019:3060-2
SUSE-SU-2019_1405-1
SUSE-SU-2019_14160-1
USN-3962-1
USN-3991-1
USN-3991-2
USN-3991-3
USN-3997-1
USN-4080-1
USN-4083-1

Produtos afetados

Alt Linux
Centos
Ibm Aix
Java Platform
Red Hat
Suse
Ubuntu
Libpng