CVE-2019-7317
moderate-risk
Published 2019-02-04
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Do I need to act?
0.56% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.3/10
Medium
NETWORK / HIGH complexity
Affected Products (20)
Java SE
Java SE
XP7 Command View Advanced Edition Suite
References (84)
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
Third Party Advisory
http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-U...
Not Applicable
http://www.securityfocus.com/bid/108098
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1265
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1267
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1269
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1308
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1309
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1310
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2494
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2495
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2585
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2590
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2592
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2737
Issue Tracking
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
and 64 more references
45 / 100
moderate-risk
Severity
17/34 · Moderate
Exploitability
2/34 · Minimal
Exposure
26/34 · High