Description
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
- Attack Vector: network
- Complexity: high
- Privileges: none
- User Action: required
- Scope: unchanged
- Confidentiality: none
- Integrity: none
- Availability: high
- Weaknesses: CWE-416
Metadata
- Primary Vendor: LIBPNG
- Published: 2/4/2019
- Last Modified: 11/21/2024
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
- libpng : libpng
- debian : debian_linux
- canonical : ubuntu_linux
- oracle : hyperion_infrastructure_technology
- oracle : java_se
- oracle : jdk
- oracle : mysql
- hp : xp7_command_view
- hpe : xp7_command_view_advanced_edition_suite
- mozilla : firefox
- mozilla : thunderbird
- opensuse : leap
- opensuse : package_hub
- netapp : active_iq_unified_manager
- netapp : cloud_backup
- netapp : e-series_santricity_management
- netapp : e-series_santricity_storage_manager
- netapp : e-series_santricity_unified_manager
- netapp : e-series_santricity_web_services
- netapp : oncommand_insight
- netapp : oncommand_workflow_automation
- netapp : plug-in_for_symantec_netbackup
- netapp : snapmanager
- netapp : steelstore
- redhat : satellite
- redhat : enterprise_linux
- redhat : enterprise_linux_desktop
- redhat : enterprise_linux_for_ibm_z_systems
- redhat : enterprise_linux_for_power_big_endian
- redhat : enterprise_linux_for_power_little_endian
- redhat : enterprise_linux_for_scientific_computing
- redhat : enterprise_linux_workstation