First published: Mon Feb 04 2019(Updated: )
A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libpng1.6 | <=1.6.28-1<=1.6.36-3<=1.6.36-2 | 1.6.36-4 1.6.28-1+deb9u1 |
Mozilla Thunderbird | <60.7 | 60.7 |
Mozilla Firefox ESR | <60.7 | 60.7 |
Mozilla Firefox | <67 | 67 |
Libpng Libpng | >=1.6.0<1.6.37 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Oracle Hyperion Infrastructure Technology | =11.2.6.0 | |
Oracle Java SE | =7u221 | |
Oracle Java SE | =8u212 | |
Oracle JDK | =11.0.3 | |
Oracle JDK | =12.0.1 | |
Oracle MySQL | <8.0.23 | |
Hp Xp7 Command View | <8.7.0-00 | |
Mozilla Firefox ESR | <8.7.0-00 | |
Mozilla Firefox ESR | ||
Mozilla Thunderbird | ||
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =42.3 | |
Mozilla Firefox ESR | ||
SUSE Linux Enterprise | =12.0 | |
Apple iPadOS | <9.6 | |
Apple watchOS | <9.6 | |
Apple iPadOS | =9.6 | |
Apple watchOS | =9.6 | |
Netapp Cloud Backup | ||
Netapp E-series Santricity Management | ||
Netapp E-series Santricity Storage Manager | <11.53 | |
IBM Cognos Controller 10.4.1 | <3.2 | |
IBM Cloud Pak for Business Automation | <4.0 | |
NetApp OnCommand Insight | <7.3.9 | |
NetApp OnCommand Workflow Automation | <5.1 | |
Netapp Plug-in For Symantec Netbackup | ||
Netapp Snapmanager | <3.4.2 | |
Netapp Snapmanager | <3.4.2 | |
Netapp Snapmanager | =3.4.2-p1 | |
Netapp Snapmanager | =3.4.2-p1 | |
Netapp Steelstore | ||
Redhat Satellite | =5.8 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux For Ibm Z Systems | =6.0 | |
Redhat Enterprise Linux For Ibm Z Systems | =7.0 | |
Redhat Enterprise Linux For Ibm Z Systems | =8.0 | |
Redhat Enterprise Linux For Power Big Endian | =6.0 | |
Redhat Enterprise Linux For Power Big Endian | =7.0 | |
Redhat Enterprise Linux For Power Little Endian | =7.0 | |
Redhat Enterprise Linux For Power Little Endian | =8.0 | |
Redhat Enterprise Linux For Scientific Computing | =6.0 | |
Redhat Enterprise Linux For Scientific Computing | =7.0 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
All of | ||
Mozilla Firefox ESR | ||
SUSE Linux Enterprise | =12.0 | |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0 | 67.0 |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/libpng1.6 | <1.6.34-1ubuntu0.18.04.2 | 1.6.34-1ubuntu0.18.04.2 |
ubuntu/libpng1.6 | <1.6.34-2ubuntu0.1 | 1.6.34-2ubuntu0.1 |
ubuntu/libpng1.6 | <1.6.36-4 | 1.6.36-4 |
ubuntu/openjdk-8 | <8 | 8 |
ubuntu/openjdk-8 | <8 | 8 |
ubuntu/openjdk-8 | <8 | 8 |
ubuntu/openjdk-lts | <11.0.4+11-1ubuntu2~18.04.3 | 11.0.4+11-1ubuntu2~18.04.3 |
ubuntu/openjdk-lts | <11.0.4+11-1ubuntu2~19.04 | 11.0.4+11-1ubuntu2~19.04 |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <60.7 | 60.7 |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
debian/firefox | 125.0.2-1 | |
debian/firefox-esr | 91.12.0esr-1~deb10u1 115.10.0esr-1~deb10u1 115.7.0esr-1~deb11u1 115.10.0esr-1~deb11u1 115.7.0esr-1~deb12u1 115.10.0esr-1~deb12u1 115.8.0esr-1 115.10.0esr-1 | |
debian/libpng1.6 | 1.6.36-6 1.6.37-3 1.6.39-2 1.6.43-1 1.6.43-5 | |
debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.10.1-1~deb10u1 1:115.7.0-1~deb11u1 1:115.10.1-1~deb11u1 1:115.7.0-1~deb12u1 1:115.10.1-1~deb12u1 1:115.10.1-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)