CVE-2019-7317 log
| Source |
|
| Severity | Low |
| Remote | No |
| Type | Denial of service |
| Description | png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-966 | firefox | 66.0.5-1 | 67.0-1 | Critical | Fixed | |
| AVG-965 | thunderbird | 60.6.1-2 | 60.7.0-1 | Critical | Fixed | |
| AVG-868 | libpng | 1.6.36-1 | 1.6.37-1 | Low | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 23 May 2019 | ASA-201905-9 | AVG-966 | firefox | Critical | multiple issues |
| 23 May 2019 | ASA-201905-8 | AVG-965 | thunderbird | Critical | multiple issues |
| 24 Apr 2019 | ASA-201904-10 | AVG-868 | libpng | Low | denial of service |
| References |
|---|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803 https://github.com/glennrp/libpng/issues/275 |