First published: Tue Apr 30 2019(Updated: )
It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libpng16-16 | <1.6.34-2ubuntu0.1 | 1.6.34-2ubuntu0.1 |
=18.10 | ||
All of | ||
ubuntu/libpng16-16 | <1.6.34-1ubuntu0.18.04.2 | 1.6.34-1ubuntu0.18.04.2 |
=18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this libpng vulnerability is CVE-2019-7317.
The severity of the libpng vulnerability is high.
If a user or automated system opens a specially crafted PNG file, a remote attacker could cause libpng to crash or execute arbitrary code, resulting in a denial of service.
To fix the libpng vulnerability on Ubuntu 18.10, you need to update the libpng16-16 package to version 1.6.34-2ubuntu0.1 or later.
To fix the libpng vulnerability on Ubuntu 18.04, you need to update the libpng16-16 package to version 1.6.34-1ubuntu0.18.04.2 or later.