REDHAT-BUG-1672409: Use After Free
First published: Mon Feb 04 2019(Updated: )
A vulnerability was found in libpng 1.6.36. The function png_image_free in png.c has a use-after-free because png_image_free_function is called under png_safe_execute. References: <a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803</a> <a href="https://github.com/glennrp/libpng/issues/275">https://github.com/glennrp/libpng/issues/275</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libpng |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
- https://github.com/glennrp/libpng/issues/275
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1672411
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1672410
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1672414
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1672415
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1672416
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1672412
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1672413
- https://access.redhat.com/errata/RHSA-2019:1265
- https://access.redhat.com/errata/RHSA-2019:1267
- https://access.redhat.com/errata/RHSA-2019:1269
- https://access.redhat.com/errata/RHSA-2019:1308
- https://access.redhat.com/errata/RHSA-2019:1309
- https://access.redhat.com/errata/RHSA-2019:1310
- https://access.redhat.com/errata/RHSA-2019:2495
- https://access.redhat.com/errata/RHSA-2019:2494
- https://access.redhat.com/errata/RHSA-2019:2585
- https://access.redhat.com/errata/RHSA-2019:2590
- https://access.redhat.com/errata/RHSA-2019:2592
- https://access.redhat.com/errata/RHSA-2019:2737
- https://bugzilla.redhat.com/show_bug.cgi?id=1672409
Frequently Asked Questions
What is the severity of REDHAT-BUG-1672409?
The severity of REDHAT-BUG-1672409 is considered high due to the use-after-free vulnerability in libpng.
How do I fix REDHAT-BUG-1672409?
To fix REDHAT-BUG-1672409, you should update to the latest version of libpng that addresses this use-after-free issue.
What versions of libpng are affected by REDHAT-BUG-1672409?
REDHAT-BUG-1672409 affects libpng version 1.6.36 and potentially earlier versions.
What applications might be impacted by REDHAT-BUG-1672409?
Applications that utilize libpng for PNG image processing may be impacted by REDHAT-BUG-1672409.
Is there a workaround for REDHAT-BUG-1672409?
Currently, there are no known effective workarounds for REDHAT-BUG-1672409 other than upgrading libpng.
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-7317
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/libpng
- canonical/libpng