ALT-PU-2019-2547-1
Closed vulnerabilities
Published: 2019-01-26
BDU:2019-03330
Уязвимость функции png_image_free (png.c) библиотеки для работы с растровой графикой в формате PNG libpng, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2019-01-11
BDU:2019-04779
Уязвимость функции png_create_info_struct библиотеки для работы с растровой графикой в формате PNG libpng, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-07-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-14048
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://github.com/fouzhe/security/tree/master/libpng
- https://github.com/fouzhe/security/tree/master/libpng
- https://github.com/glennrp/libpng/issues/238
- https://github.com/glennrp/libpng/issues/238
- 20190417 [slackware-security] libpng (SSA:2019-107-01)
- 20190417 [slackware-security] libpng (SSA:2019-107-01)
- GLSA-201908-02
- GLSA-201908-02
Published: 2019-07-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-14550
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
- https://github.com/glennrp/libpng/issues/246
- GLSA-201908-02
- https://security.netapp.com/advisory/ntap-20221028-0001/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://security.netapp.com/advisory/ntap-20221028-0001/
- GLSA-201908-02
- https://github.com/glennrp/libpng/issues/246
Published: 2019-01-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-6129
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2019-02-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-7317
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:1484
- openSUSE-SU-2019:1534
- openSUSE-SU-2019:1664
- openSUSE-SU-2019:1916
- openSUSE-SU-2019:1912
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- 108098
- RHSA-2019:1265
- RHSA-2019:1267
- RHSA-2019:1269
- RHSA-2019:1308
- RHSA-2019:1309
- RHSA-2019:1310
- RHSA-2019:2494
- RHSA-2019:2495
- RHSA-2019:2585
- RHSA-2019:2590
- RHSA-2019:2592
- RHSA-2019:2737
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
- https://github.com/glennrp/libpng/issues/275
- [debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update
- [debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update
- 20190417 [slackware-security] libpng (SSA:2019-107-01)
- 20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update
- 20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)
- 20190523 [SECURITY] [DSA 4448-1] firefox-esr security update
- 20190527 [SECURITY] [DSA 4451-1] thunderbird security update
- GLSA-201908-02
- https://security.netapp.com/advisory/ntap-20190719-0005/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
- USN-3962-1
- USN-3991-1
- USN-3997-1
- USN-4080-1
- USN-4083-1
- DSA-4435
- DSA-4448
- DSA-4451
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- openSUSE-SU-2019:1484
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- DSA-4451
- DSA-4448
- DSA-4435
- USN-4083-1
- USN-4080-1
- USN-3997-1
- USN-3991-1
- USN-3962-1
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
- https://security.netapp.com/advisory/ntap-20190719-0005/
- GLSA-201908-02
- 20190527 [SECURITY] [DSA 4451-1] thunderbird security update
- 20190523 [SECURITY] [DSA 4448-1] firefox-esr security update
- 20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)
- 20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update
- 20190417 [slackware-security] libpng (SSA:2019-107-01)
- [debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update
- [debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update
- https://github.com/glennrp/libpng/issues/275
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
- RHSA-2019:2737
- RHSA-2019:2592
- RHSA-2019:2590
- RHSA-2019:2585
- RHSA-2019:2495
- RHSA-2019:2494
- RHSA-2019:1310
- RHSA-2019:1309
- RHSA-2019:1308
- RHSA-2019:1269
- RHSA-2019:1267
- RHSA-2019:1265
- 108098
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- openSUSE-SU-2019:1912
- openSUSE-SU-2019:1916
- openSUSE-SU-2019:1664
- openSUSE-SU-2019:1534