libpng is prone to a denial-of-service vulnerability.
An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition.
libpng version 1.6.36 is vulnerable; other versions may also be affected.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Bugtraq ID: 108098
Class: Design Error
CVE: CVE-2019-7317
Remote: Yes
Local: No
Published: Jan 25 2019 12:00AM
Updated: Jul 17 2019 04:00AM
Credit: The vendor reported this issue.
Vulnerable:
- Oracle JRE(Windows Production Release) 12.0.1
- Oracle JRE(Windows Production Release) 11.0.3
- Oracle JRE(Windows Production Release) 1.8 Update 212
- Oracle JRE(Windows Production Release) 1.7 Update 221
- Oracle JRE(Solaris Production Release) 12.0.1
- Oracle JRE(Solaris Production Release) 11.0.3
- Oracle JRE(Solaris Production Release) 1.8 Update 212
- Oracle JRE(Solaris Production Release) 1.7 Update 221
- Oracle JRE(macOS Production Release) 12.0.1
- Oracle JRE(macOS Production Release) 11.0.3
- Oracle JRE(macOS Production Release) 1.8 Update 212
- Oracle JRE(macOS Production Release) 1.7 Update 221
- Oracle JRE(Linux Production Release) 12.0.1
- Oracle JRE(Linux Production Release) 11.0.3
- Oracle JRE(Linux Production Release) 1.8 Update 212
- Oracle JRE(Linux Production Release) 1.7 Update 221
- Oracle JDK(Windows Production Release) 12.0.1
- Oracle JDK(Windows Production Release) 11.0.3
- Oracle JDK(Windows Production Release) 1.8 Update 212
- Oracle JDK(Windows Production Release) 1.7 Update 221
- Oracle JDK(Solaris Production Release) 12.0.1
- Oracle JDK(Solaris Production Release) 11.0.3
- Oracle JDK(Solaris Production Release) 1.8 Update 212
- Oracle JDK(Solaris Production Release) 1.7 Update 221
- Oracle JDK(macOS Production Release) 12.0.1
- Oracle JDK(macOS Production Release) 11.0.3
- Oracle JDK(macOS Production Release) 1.8 Update 212
- Oracle JDK(macOS Production Release) 1.7 Update 221
- Oracle JDK(Linux Production Release) 12.0.1
- Oracle JDK(Linux Production Release) 11.0.3
- Oracle JDK(Linux Production Release) 1.8 Update 212
- Oracle JDK(Linux Production Release) 1.7 Update 221
- Oracle Java SE Embedded 8u211
- libpng libpng 1.6.36
Not Vulnerable:
- libpng libpng 1.6.37
References:
- Issue 12803: libpng-proto/png_transforms_fuzzer: Stack-use-after-return in OSS_F (Chromium)
- Red Hat Bugzilla – Bug 1672409 (Red Hat Bugzilla)
- Use after free #275 (Github)
- CVE-2019-7317 libpng: use-after-free in png_image_free in png.c (Redhat)
- DSA-4435-1 libpng1.6 -- security update (Debian)
- Oracle Critical Patch Update Advisory - July 2019 (Oracle)
from SecurityFocus Vulnerabilities https://ift.tt/2Gg24jp