CVE-2019-7317 - Vulnerability Details

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Hp	Xp7 Command View
Hpe	Xp7 Command View Advanced Edition Suite
Libpng	Libpng
Mozilla	Firefox Thunderbird
Netapp	Active Iq Unified Manager Cloud Backup E-series Santricity Management E-series Santricity Storage Manager E-series Santricity Unified Manager E-series Santricity Web Services Oncommand Insight Oncommand Workflow Automation Plug-in For Symantec Netbackup Snapmanager Steelstore
Opensuse	Leap Package Hub
Oracle	Hyperion Infrastructure Technology Java Se Jdk Mysql
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux For Ibm Z Systems Enterprise Linux For Power Big Endian Enterprise Linux For Power Little Endian Enterprise Linux For Scientific Computing Enterprise Linux Workstation Network Satellite Rhel Extras Satellite
Suse	Linux Enterprise

Configuration 1 [-]

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:::::::*
	cpe:2.3:a:oracle:java_se:7u221:::::::*
	cpe:2.3:a:oracle:java_se:8u212:::::::*
	cpe:2.3:a:oracle:jdk:11.0.3:::::::*
	cpe:2.3:a:oracle:jdk:12.0.1:::::::*
	cpe:2.3:a:oracle:mysql::::::::

Configuration 5 [-]

OR	cpe:2.3:a:hp:xp7_command_view:::::advanced:::*
	cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite::::::::

Configuration 6 [-]

OR	cpe:2.3:a:mozilla:firefox:-:::::::*
	cpe:2.3:a:mozilla:thunderbird:-:::::::*

Configuration 7 [-]

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:42.3:::::::*

Configuration 8 [-]

AND

cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 9 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
	cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*
	cpe:2.3:a:netapp:active_iq_unified_manager:9.6:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:9.6:::::windows::
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_management:-:::::vcenter::
	cpe:2.3:a:netapp:e-series_santricity_storage_manager::::::::
	cpe:2.3:a:netapp:e-series_santricity_unified_manager::::::::
	cpe:2.3:a:netapp:e-series_santricity_web_services::::::web_services_proxy::*
	cpe:2.3:a:netapp:oncommand_insight::::::::
	cpe:2.3:a:netapp:oncommand_workflow_automation::::::::
	cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::::*
	cpe:2.3:a:netapp:snapmanager::::::oracle::*
	cpe:2.3:a:netapp:snapmanager::::::sap::*
	cpe:2.3:a:netapp:snapmanager:3.4.2:p1::::oracle::*
	cpe:2.3:a:netapp:snapmanager:3.4.2:p1::::sap::*
	cpe:2.3:a:netapp:steelstore:-:::::::*

Configuration 10 [-]

OR	cpe:2.3:a:redhat:satellite:5.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
firefox-0:60.7.0-1.el6_10	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1267	2019-05-23T00:00:00Z
thunderbird-0:60.7.0-1.el6_10	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1310	2019-06-03T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.7.1-ibm-1:1.7.1.4.50-1jpp.1.el6_10	cpe:/a:redhat:rhel_extras:6	RHSA-2019:2494	2019-08-15T00:00:00Z
java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el6_10	cpe:/a:redhat:rhel_extras:6	RHSA-2019:2592	2019-09-03T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:60.7.0-1.el7_6	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1265	2019-05-23T00:00:00Z
thunderbird-0:60.7.0-1.el7_6	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1309	2019-06-03T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary
java-1.7.1-ibm-1:1.7.1.4.50-1jpp.1.el7	cpe:/a:redhat:rhel_extras:7	RHSA-2019:2495	2019-08-15T00:00:00Z
java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el7	cpe:/a:redhat:rhel_extras:7	RHSA-2019:2585	2019-09-02T00:00:00Z
Red Hat Enterprise Linux 8
firefox-0:60.7.0-1.el8_0	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:1269	2019-05-23T00:00:00Z
thunderbird-0:60.7.0-1.el8_0	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:1308	2019-06-03T00:00:00Z
java-1.8.0-ibm-1:1.8.0.5.40-3.el8_0	cpe:/a:redhat:enterprise_linux:8::supplementary	RHSA-2019:2590	2019-09-02T00:00:00Z
Red Hat Satellite 5.8
java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el6_10	cpe:/a:redhat:network_satellite:5.8::el6	RHSA-2019:2737	2019-09-11T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
http://www.securityfocus.com/bid/108098
https://access.redhat.com/errata/RHSA-2019:1265
https://access.redhat.com/errata/RHSA-2019:1267
https://access.redhat.com/errata/RHSA-2019:1269
https://access.redhat.com/errata/RHSA-2019:1308
https://access.redhat.com/errata/RHSA-2019:1309
https://access.redhat.com/errata/RHSA-2019:1310
https://access.redhat.com/errata/RHSA-2019:2494
https://access.redhat.com/errata/RHSA-2019:2495
https://access.redhat.com/errata/RHSA-2019:2585
https://access.redhat.com/errata/RHSA-2019:2590
https://access.redhat.com/errata/RHSA-2019:2592
https://access.redhat.com/errata/RHSA-2019:2737
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
https://github.com/glennrp/libpng/issues/275
https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
https://nvd.nist.gov/vuln/detail/CVE-2019-7317
https://seclists.org/bugtraq/2019/Apr/30
https://seclists.org/bugtraq/2019/Apr/36
https://seclists.org/bugtraq/2019/May/56
https://seclists.org/bugtraq/2019/May/59
https://seclists.org/bugtraq/2019/May/67
https://security.gentoo.org/glsa/201908-02
https://security.netapp.com/advisory/ntap-20190719-0005/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
https://usn.ubuntu.com/3962-1/
https://usn.ubuntu.com/3991-1/
https://usn.ubuntu.com/3997-1/
https://usn.ubuntu.com/4080-1/
https://usn.ubuntu.com/4083-1/
https://www.cve.org/CVERecord?id=CVE-2019-7317
https://www.debian.org/security/2019/dsa-4435
https://www.debian.org/security/2019/dsa-4448
https://www.debian.org/security/2019/dsa-4451
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

History

Mon, 21 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla firefox
CPEs	cpe:2.3:a:mozilla:firefox_esr:-:::::::*	cpe:2.3:a:mozilla:firefox:-:::::::*
Vendors & Products	Mozilla firefox Esr	Mozilla firefox

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-02-04T07:00:00

Updated: 2024-08-04T20:46:45.928Z

Reserved: 2019-02-04T00:00:00

Link: CVE-2019-7317

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-02-04T08:29:00.447

Modified: 2024-11-21T04:48:00.033

Link: CVE-2019-7317

Redhat

Severity : Low

Publid Date: 2019-01-25T00:00:00Z

Links: CVE-2019-7317 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-20T10:38:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20190417 [slackware-security] libpng (SSA:2019-107-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Apr/30"}, {"name": "DSA-4435", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4435"}, {"name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Apr/36"}, {"name": "USN-3962-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3962-1/"}, {"name": "USN-3991-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3991-1/"}, {"name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/56"}, {"name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/59"}, {"name": "DSA-4448", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4448"}, {"name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"}, {"name": "RHSA-2019:1265", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1265"}, {"name": "RHSA-2019:1267", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1267"}, {"name": "RHSA-2019:1269", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1269"}, {"name": "DSA-4451", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4451"}, {"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/67"}, {"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"}, {"name": "USN-3997-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3997-1/"}, {"name": "openSUSE-SU-2019:1484", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"}, {"name": "RHSA-2019:1310", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1310"}, {"name": "RHSA-2019:1308", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1308"}, {"name": "RHSA-2019:1309", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1309"}, {"name": "openSUSE-SU-2019:1534", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"}, {"name": "openSUSE-SU-2019:1664", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"}, {"name": "108098", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108098"}, {"name": "USN-4080-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4080-1/"}, {"name": "USN-4083-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4083-1/"}, {"name": "GLSA-201908-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-02"}, {"name": "RHSA-2019:2494", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2494"}, {"name": "RHSA-2019:2495", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2495"}, {"name": "openSUSE-SU-2019:1916", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"}, {"name": "openSUSE-SU-2019:1912", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"}, {"name": "RHSA-2019:2585", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2585"}, {"name": "RHSA-2019:2590", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2590"}, {"name": "RHSA-2019:2592", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2592"}, {"name": "RHSA-2019:2737", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2737"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/glennrp/libpng/issues/275"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7317", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20190417 [slackware-security] libpng (SSA:2019-107-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/30"}, {"name": "DSA-4435", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4435"}, {"name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/36"}, {"name": "USN-3962-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3962-1/"}, {"name": "USN-3991-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3991-1/"}, {"name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/56"}, {"name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/59"}, {"name": "DSA-4448", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4448"}, {"name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"}, {"name": "RHSA-2019:1265", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1265"}, {"name": "RHSA-2019:1267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1267"}, {"name": "RHSA-2019:1269", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1269"}, {"name": "DSA-4451", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4451"}, {"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/67"}, {"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"}, {"name": "USN-3997-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3997-1/"}, {"name": "openSUSE-SU-2019:1484", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"}, {"name": "RHSA-2019:1310", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1310"}, {"name": "RHSA-2019:1308", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1308"}, {"name": "RHSA-2019:1309", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1309"}, {"name": "openSUSE-SU-2019:1534", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"}, {"name": "openSUSE-SU-2019:1664", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"}, {"name": "108098", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108098"}, {"name": "USN-4080-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4080-1/"}, {"name": "USN-4083-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4083-1/"}, {"name": "GLSA-201908-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-02"}, {"name": "RHSA-2019:2494", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2494"}, {"name": "RHSA-2019:2495", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2495"}, {"name": "openSUSE-SU-2019:1916", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"}, {"name": "openSUSE-SU-2019:1912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"}, {"name": "RHSA-2019:2585", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2585"}, {"name": "RHSA-2019:2590", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2590"}, {"name": "RHSA-2019:2592", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2592"}, {"name": "RHSA-2019:2737", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2737"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"}, {"name": "https://github.com/glennrp/libpng/issues/275", "refsource": "MISC", "url": "https://github.com/glennrp/libpng/issues/275"}, {"name": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190719-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190719-0005/"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:46:45.928Z"}, "title": "CVE Program Container", "references": [{"name": "20190417 [slackware-security] libpng (SSA:2019-107-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Apr/30"}, {"name": "DSA-4435", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4435"}, {"name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Apr/36"}, {"name": "USN-3962-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3962-1/"}, {"name": "USN-3991-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3991-1/"}, {"name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/May/56"}, {"name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/May/59"}, {"name": "DSA-4448", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4448"}, {"name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"}, {"name": "RHSA-2019:1265", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1265"}, {"name": "RHSA-2019:1267", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1267"}, {"name": "RHSA-2019:1269", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1269"}, {"name": "DSA-4451", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4451"}, {"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/May/67"}, {"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"}, {"name": "USN-3997-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3997-1/"}, {"name": "openSUSE-SU-2019:1484", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"}, {"name": "RHSA-2019:1310", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1310"}, {"name": "RHSA-2019:1308", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1308"}, {"name": "RHSA-2019:1309", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1309"}, {"name": "openSUSE-SU-2019:1534", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"}, {"name": "openSUSE-SU-2019:1664", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"}, {"name": "108098", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108098"}, {"name": "USN-4080-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4080-1/"}, {"name": "USN-4083-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4083-1/"}, {"name": "GLSA-201908-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-02"}, {"name": "RHSA-2019:2494", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2494"}, {"name": "RHSA-2019:2495", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2495"}, {"name": "openSUSE-SU-2019:1916", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"}, {"name": "openSUSE-SU-2019:1912", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"}, {"name": "RHSA-2019:2585", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2585"}, {"name": "RHSA-2019:2590", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2590"}, {"name": "RHSA-2019:2592", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2592"}, {"name": "RHSA-2019:2737", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2737"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/glennrp/libpng/issues/275"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7317", "datePublished": "2019-02-04T07:00:00", "dateReserved": "2019-02-04T00:00:00", "dateUpdated": "2024-08-04T20:46:45.928Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "078AA00A-515F-493E-A53E-FE1937FA8018", "versionEndExcluding": "1.6.37", "versionStartIncluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*", "matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C21D62F-F3DD-4E9E-B644-07CCC49F3D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*", "matchCriteriaId": "3999BDC1-BA77-4DBE-8041-D993BA9FF04D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*", "matchCriteriaId": "C2B2677D-6B48-45A2-8567-AB6DB9FF1B45", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EAF3DD5E-1A96-4285-84BA-EB5E31EF2516", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "32318CC6-B8C4-4429-BB8B-134DC202A27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "0185E85D-2C64-4D77-BC1D-A20165D5078E", "versionEndExcluding": "8.0.23", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*", "matchCriteriaId": "6B07BDE2-FE50-4C0E-9C73-6AA6C1D6C060", "versionEndExcluding": "8.7.0-00", "vulnerable": true}, {"criteria": "cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE33C1F1-DED8-424C-8942-E1A48A9EBA05", "versionEndExcluding": "8.7.0-00", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF583CDC-DE9E-45AB-9861-CB203BFA8862", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B8B0B75-0DF2-4B5C-BC81-2F8E172AEE4E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "60429DC5-C403-41D1-9DDF-30782D012DF6", "versionEndExcluding": "9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "95571D2E-5C83-484C-A44F-AC36972C67D1", "versionEndExcluding": "9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3AF659DD-C4AE-4DDC-B50B-327A717EFC74", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*", "matchCriteriaId": "40E21C6E-AEDF-43E8-AA80-629C77D24DF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*", "matchCriteriaId": "BADA4949-F766-4092-A6BC-1B85B5FB60FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FC01AF8-4A4B-4FC4-B07F-1193FEFF5A47", "versionEndExcluding": "11.53", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8557ED41-5B30-47C8-A556-6C1F6E8E227B", "versionEndExcluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "C7E42333-853D-4938-90EB-2A6653476357", "versionEndExcluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*", "matchCriteriaId": "82DC1F62-0DA2-4BB8-9AFE-4BC4366205F5", "versionEndExcluding": "7.3.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "2798786F-A818-4C52-BC20-0A69DB49D16A", "versionEndExcluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*", "matchCriteriaId": "41436638-0B88-4823-8208-81C01F2CA6A6", "versionEndExcluding": "3.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*", "matchCriteriaId": "910F5303-1F70-44E3-A951-567447BC46FF", "versionEndExcluding": "3.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*", "matchCriteriaId": "1925AC26-45D4-46D5-ACDD-91E5A90977B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*", "matchCriteriaId": "9DC6435A-8369-4D18-A6EE-84E73D6AA84D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5291B60-AB52-4830-8E1A-8048A471902C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "25C8B513-76C1-4184-A253-CB32F04A05BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "634C23AC-AC9C-43F4-BED8-1C720816D5E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."}, {"lang": "es", "value": "La funci\u00f3n png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la funci\u00f3n png_image_free_function es llamada bajo png_safe_execute."}], "id": "CVE-2019-7317", "lastModified": "2024-11-21T04:48:00.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-04T08:29:00.447", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108098"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1265"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1267"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1269"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1308"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1309"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1310"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2494"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2495"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2585"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2590"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2592"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2737"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/glennrp/libpng/issues/275"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/30"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/36"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/May/56"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/May/59"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/May/67"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201908-02"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3962-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3991-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3997-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4080-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4083-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4435"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4448"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4451"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1269"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1308"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1309"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1310"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2585"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/glennrp/libpng/issues/275"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/May/56"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/May/59"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/May/67"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201908-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3962-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3991-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3997-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4080-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4083-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4451"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:1267", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:60.7.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-05-23T00:00:00Z"}, {"advisory": "RHSA-2019:1310", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:60.7.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-06-03T00:00:00Z"}, {"advisory": "RHSA-2019:2494", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.1-ibm-1:1.7.1.4.50-1jpp.1.el6_10", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2019-08-15T00:00:00Z"}, {"advisory": "RHSA-2019:2592", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el6_10", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2019-09-03T00:00:00Z"}, {"advisory": "RHSA-2019:1265", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:60.7.0-1.el7_6", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-23T00:00:00Z"}, {"advisory": "RHSA-2019:1309", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:60.7.0-1.el7_6", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-06-03T00:00:00Z"}, {"advisory": "RHSA-2019:2495", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.7.1-ibm-1:1.7.1.4.50-1jpp.1.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2019-08-15T00:00:00Z"}, {"advisory": "RHSA-2019:2585", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2019-09-02T00:00:00Z"}, {"advisory": "RHSA-2019:1269", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:60.7.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-23T00:00:00Z"}, {"advisory": "RHSA-2019:1308", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:60.7.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-06-03T00:00:00Z"}, {"advisory": "RHSA-2019:2590", "cpe": "cpe:/a:redhat:enterprise_linux:8::supplementary", "package": "java-1.8.0-ibm-1:1.8.0.5.40-3.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-09-02T00:00:00Z"}, {"advisory": "RHSA-2019:2737", "cpe": "cpe:/a:redhat:network_satellite:5.8::el6", "package": "java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el6_10", "product_name": "Red Hat Satellite 5.8", "release_date": "2019-09-11T00:00:00Z"}], "bugzilla": {"description": "libpng: use-after-free in png_image_free in png.c", "id": "1672409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672409"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."], "name": "CVE-2019-7317", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libpng12", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libpng12", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-libpng", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2019-01-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-7317\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7317"], "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object