ID

VAR-201902-0855


CVE

CVE-2019-7317


TITLE

libpng Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

DESCRIPTION

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. libpng version 1.6.36 is vulnerable; other versions may also be affected. ========================================================================== Ubuntu Security Notice USN-3962-1 April 30, 2019 libpng1.6 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS Summary: libpng be made to crash or run programs if it opened a specially crafted file. Software Description: - libpng1.6: PNG (Portable Network Graphics) file library Details: It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libpng16-16 1.6.34-2ubuntu0.1 Ubuntu 18.04 LTS: libpng16-16 1.6.34-1ubuntu0.18.04.2 In general, a standard system update will make all the necessary changes. 6) - i386, x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fix(es): * IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) 1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518) 1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) 1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning 6. 8) - aarch64, ppc64le, s390x, x86_64 3. For the stable distribution (stretch), these problems have been fixed in version 1:60.7.0-1~deb9u1. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWm4ACgkQEMKTtsN8 TjbzCxAAkzMt+0SOM3NCOQ6tLLP1EWDUnRiBvTwq6JfJYRvngfSc2A2oHKLtDPF7 8NNdpvzNyXZUo1ARTMmoK/5slDalTvUF6+11mydrHw2oIasIOuiaxN1N9mRk2nIN 7LF/cZZyu/ghjuoCV10F5BRropCRxGcZUBM1fTmz9RO7YFOvHmn6s+PmJCag6XWy Iuq3JIP6hNYPTi+UBCU7oaMQD0P9Z1x3QCs/kraYps3dUxH7/o8Kw5Yqa91TsTn9 KiQPoeTTHfwk3n4NKCgczpPW2OZQZncowa9dg9LFd6N0uGOgoy3bCIjR/xYk7fan VaxbkNX613KHDjZauUCit0MrvlXBxOi4S0jAY5tU5uCvM7EtNat6IozZyxfVcW+/ gGt6a+IUXAGD9Y5IjIklsDMm2aM2Wxx8B+Es4TUw1ihddKrtiQx6e1cYOPUSlsYH 7wgKKrIjwnQJ0B41pTqTKngDaFR9WGnQ2+Mix8OIrDKx7rilNtLnuhRvQ52ZAIoV 5qtzrm4WfuG0OJi5Sql4O7euTbQgnuPWqp448WiRMYtR9mSVMDUOxpG79Fx0R/Hi TBmSmzMxMPKcFdc0nqELSCi3YArxtsUUjSOrilji60VSwiLItxNZsPPzs94zYirV +BXY7WOtP26CgkaGhBoUDfU1JL8mwP5+UkHpmgoJbtADT2lBH/o= =uTpA -----END PGP SIGNATURE----- . Description: Mozilla Thunderbird is a standalone mail and newsgroup client. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libpng (SSA:2019-107-01) New libpng packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libpng-1.6.37-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free. Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. Fixed a memory leak in pngtest.c. Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in contrib/pngminus; refactor. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.37-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.37-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.37-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.37-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.2 package: 829f6c020ad10fe9b09e94bceb7fae26 libpng-1.6.37-i586-1_slack14.2.txz Slackware x86_64 14.2 package: e141813a42551a3c31df15b8495dc1a3 libpng-1.6.37-x86_64-1_slack14.2.txz Slackware -current package: 0f711d15bd85893a02f398b95b7d3f06 l/libpng-1.6.37-i586-1.txz Slackware x86_64 -current package: d8bdd5c1a73fa487c5f1a1a4b3ec2f63 l/libpng-1.6.37-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libpng-1.6.37-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2019:1267-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1267 Issue date: 2019-05-23 CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712625 - CVE-2019-9816 Mozilla: Type confusion with object groups and UnboxedObjects 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-60.7.0-1.el6_10.src.rpm i386: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm x86_64: firefox-60.7.0-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-60.7.0-1.el6_10.src.rpm x86_64: firefox-60.7.0-1.el6_10.i686.rpm firefox-60.7.0-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-60.7.0-1.el6_10.src.rpm i386: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm ppc64: firefox-60.7.0-1.el6_10.ppc64.rpm firefox-debuginfo-60.7.0-1.el6_10.ppc64.rpm s390x: firefox-60.7.0-1.el6_10.s390x.rpm firefox-debuginfo-60.7.0-1.el6_10.s390x.rpm x86_64: firefox-60.7.0-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): x86_64: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-60.7.0-1.el6_10.src.rpm i386: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm x86_64: firefox-60.7.0-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-18511 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-9797 https://access.redhat.com/security/cve/CVE-2019-9800 https://access.redhat.com/security/cve/CVE-2019-9816 https://access.redhat.com/security/cve/CVE-2019-9817 https://access.redhat.com/security/cve/CVE-2019-9819 https://access.redhat.com/security/cve/CVE-2019-9820 https://access.redhat.com/security/cve/CVE-2019-11691 https://access.redhat.com/security/cve/CVE-2019-11692 https://access.redhat.com/security/cve/CVE-2019-11693 https://access.redhat.com/security/cve/CVE-2019-11698 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXObA+NzjgjWX9erEAQhdLg//Y2Qy3oBF2JXo0FDIAlvxGC0bBSZ5kIpr 2aZqeaEIQDfHbm2mNa5fGidU+zFgvwuAxmCjrURuGYx0GAtje4XH+oEa09Ri5VQS Wdm2faaOLj36IsIawC8RUQLzm8jIlZiYyeEKGFZj/PY8oFRcTBoebqqyTUAin+oC cCXcGcckGLouKi5rj9Q1pUcCzjnVDAUmMb00dF+8KbTUGHnMwMYF43ogBggN0ril ePFEsAZQ5tcapBQ7nqBkUJNsMMuKoVRcLyI+DUdEPOsetEhaOzMmWBkMtEV1VAN1 RaGzw6Xp34jVHhhqMznhFNZ/rkLVfr5hRwwTkeA9a8uq6kEW1LdhfIch62iWb00H AgSrwURUfOuPUKO6lHqg1FJEtIxqfY3GlpSCxhSWwZ/tUpmQcGuYK97zIl4lw5m4 i5dxQKxnVk+U116iU7kl3M8YKsK+HG2dFxjEFNdvnsnM+KBHurM5ANpo/AwP3E5i EKj4gL2USYekfUykbWk5gERbj/Rn8hdChgBFDGL7h7BevTw+jGXxctXDqw6n0BR+ yDJV98Vl44mkdrTnYvrIcFQTtNVMNkoS3ZbGq+tR/8ZZIwo28+qXnor1KTUBchJ/ HC8+r9xE+SZy2fxxI9esbwVkSsN5TaxOFFzf4uYDy/dQExCULJbQSsyGyvxdz0b8 74xrhCg7IBo=PKHG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.89

sources: NVD: CVE-2019-7317 // BID: 108098 // VULMON: CVE-2019-7317 // PACKETSTORM: 152702 // PACKETSTORM: 154069 // PACKETSTORM: 153067 // PACKETSTORM: 153087 // PACKETSTORM: 153158 // PACKETSTORM: 152561 // PACKETSTORM: 153065

AFFECTED PRODUCTS

vendor:oraclemodel:mysqlscope:ltversion:8.0.23

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:6.0

Trust: 1.0

vendor:netappmodel:snapmanagerscope:ltversion:3.4.2

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:netappmodel:e-series santricity managementscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux for ibm z systemsscope:eqversion:6.0

Trust: 1.0

vendor:libpngmodel:libpngscope:gteversion:1.6.0

Trust: 1.0

vendor:libpngmodel:libpngscope:ltversion:1.6.37

Trust: 1.0

vendor:redhatmodel:enterprise linux for scientific computingscope:eqversion:6.0

Trust: 1.0

vendor:mozillamodel:thunderbirdscope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity unified managerscope:ltversion:3.2

Trust: 1.0

vendor:netappmodel:e-series santricity storage managerscope:ltversion:11.53

Trust: 1.0

vendor:hpemodel:xp7 command view advanced edition suitescope:ltversion:8.7.0-00

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:opensusemodel:package hubscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux for power big endianscope:eqversion:7.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.04

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:ltversion:5.1

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:7.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:42.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:plug-in for symantec netbackupscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:oraclemodel:java sescope:eqversion:7u221

Trust: 1.0

vendor:mozillamodel:firefoxscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:netappmodel:oncommand insightscope:ltversion:7.3.9

Trust: 1.0

vendor:netappmodel:e-series santricity web servicesscope:ltversion:4.0

Trust: 1.0

vendor:redhatmodel:enterprise linux for ibm z systemsscope:eqversion:7.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:redhatmodel:enterprise linux for ibm z systemsscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux for scientific computingscope:eqversion:7.0

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion:9.6

Trust: 1.0

vendor:redhatmodel:satellitescope:eqversion:5.8

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:12.0.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:redhatmodel:enterprise linux for power little endianscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux for power little endianscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.10

Trust: 1.0

vendor:hpmodel:xp7 command viewscope:ltversion:8.7.0-00

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:11.0.3

Trust: 1.0

vendor:netappmodel:snapmanagerscope:eqversion:3.4.2

Trust: 1.0

vendor:netappmodel:steelstorescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:hyperion infrastructure technologyscope:eqversion:11.2.6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:oraclemodel:java sescope:eqversion:8u212

Trust: 1.0

vendor:redhatmodel:enterprise linux for power big endianscope:eqversion:6.0

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:ltversion:9.6

Trust: 1.0

vendor:libpngmodel:libpngscope:eqversion:1.6.36

Trust: 0.3

vendor:libpngmodel:libpngscope:neversion:1.6.37

Trust: 0.3

sources: BID: 108098 // NVD: CVE-2019-7317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7317
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201902-012
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-7317
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-7317
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2019-7317
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2019-7317 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

sources: NVD: CVE-2019-7317

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 152702 // CNNVD: CNNVD-201902-012

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

PATCH

title:Debian CVElist Bug Report Logs: libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.curl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ef2bbc82329f4e3dd9e23c0137af2a7b

Trust: 0.1

title:Ubuntu Security Notice: libpng1.6 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3962-1

Trust: 0.1

title:Debian Security Advisories: DSA-4435-1 libpng1.6 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d60ba88361ab9afdcad18ca2a106ac3b

Trust: 0.1

title:Red Hat: Important: java-1.7.1-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192494 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.7.1-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192495 - Security Advisory

Trust: 0.1

title:Arch Linux Advisories: [ASA-201904-10] libpng: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201904-10

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192737 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2019-7317url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-7317

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192585 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192590 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192592 - Security Advisory

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-7317

Trust: 0.1

title:Red Hat: Important: thunderbird security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191308 - Security Advisory

Trust: 0.1

title:Red Hat: Important: thunderbird security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191310 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: firefox security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191265 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: firefox security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191269 - Security Advisory

Trust: 0.1

title:Red Hat: Important: thunderbird security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191309 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: openjdk-lts vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4083-1

Trust: 0.1

title:Red Hat: Critical: firefox security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191267 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: openjdk-8 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4080-1

Trust: 0.1

title:Ubuntu Security Notice: thunderbird vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3997-1

Trust: 0.1

title:Debian Security Advisories: DSA-4451-1 thunderbird -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=1cf7f39c2c474666174a69cf97b06740

Trust: 0.1

title:Ubuntu Security Notice: firefox regressionurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-3

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIXurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=61e62f4d9c861153c6391afc0ec560a4

Trust: 0.1

title:Debian Security Advisories: DSA-4448-1 firefox-esr -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=e2d9ccf571c31c1011ad31af2798140f

Trust: 0.1

title:Ubuntu Security Notice: firefox regressionurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-2

Trust: 0.1

title:Ubuntu Security Notice: firefox vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-1

Trust: 0.1

title:Arch Linux Advisories: [ASA-201905-8] thunderbird: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-8

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1246url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1246

Trust: 0.1

title:Mozilla: Mozilla Foundation Security Advisory 2019-14url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-14

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONASurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4a8e20a238934bc47ca332a3c76cc9c3

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager and Hitachi Infrastructure Analytics Advisorurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-117

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=acad3ac1b2767940a01b72ed1b51586b

Trust: 0.1

title:Arch Linux Advisories: [ASA-201905-9] firefox: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-9

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexusurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-116

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1229url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1229

Trust: 0.1

title:Mozilla: Security vulnerabilities fixed in Firefox ESR 60.7url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=554d832b08166d6d04a53f3c421e7f9b

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2019 – Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Timeurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=de7b9859dff396513e72da22ffc4ab3e

Trust: 0.1

title:Mozilla: Mozilla Foundation Security Advisory 2019-15url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-15

Trust: 0.1

title:Mozilla: Security vulnerabilities fixed in Thunderbird 60.7url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=198e3a670ab8c803584e801da3919e61

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Editionurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=836b059f33e614408bd51705b325caaf

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterpriseurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b352b6737bfbf2a62b0a2201928e8963

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStackurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ad5c6091de269fb79e0c4d1c06b0846

Trust: 0.1

title:Mozilla: Security vulnerabilities fixed in Firefox 67url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=730fce689efe63b7de803de0d8794796

Trust: 0.1

title:Mozilla: Mozilla Foundation Security Advisory 2019-13url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-13

Trust: 0.1

title:IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-zurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ef3e54cc5cdc194f0526779f9480f89

Trust: 0.1

sources: VULMON: CVE-2019-7317

EXTERNAL IDS

db:NVDid:CVE-2019-7317

Trust: 2.7

db:BIDid:108098

Trust: 2.0

db:PACKETSTORMid:152561

Trust: 1.8

db:PACKETSTORMid:152702

Trust: 0.7

db:PACKETSTORMid:152664

Trust: 0.6

db:AUSCERTid:ESB-2019.1877

Trust: 0.6

db:AUSCERTid:ESB-2019.1491

Trust: 0.6

db:AUSCERTid:ESB-2019.4466

Trust: 0.6

db:AUSCERTid:ESB-2020.0775

Trust: 0.6

db:AUSCERTid:ESB-2019.1454

Trust: 0.6

db:AUSCERTid:ESB-2019.4293

Trust: 0.6

db:AUSCERTid:ESB-2019.4381

Trust: 0.6

db:CS-HELPid:SB2021042108

Trust: 0.6

db:CNNVDid:CNNVD-201902-012

Trust: 0.6

db:VULMONid:CVE-2019-7317

Trust: 0.1

db:PACKETSTORMid:154069

Trust: 0.1

db:PACKETSTORMid:153067

Trust: 0.1

db:PACKETSTORMid:153087

Trust: 0.1

db:PACKETSTORMid:153158

Trust: 0.1

db:PACKETSTORMid:153065

Trust: 0.1

sources: VULMON: CVE-2019-7317 // BID: 108098 // PACKETSTORM: 152702 // PACKETSTORM: 154069 // PACKETSTORM: 153067 // PACKETSTORM: 153087 // PACKETSTORM: 153158 // PACKETSTORM: 152561 // PACKETSTORM: 153065 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

REFERENCES

url:http://packetstormsecurity.com/files/152561/slackware-security-advisory-libpng-updates.html

Trust: 2.9

url:https://www.debian.org/security/2019/dsa-4435

Trust: 2.6

url:https://usn.ubuntu.com/3962-1/

Trust: 2.4

url:http://www.securityfocus.com/bid/108098

Trust: 2.4

url:https://www.debian.org/security/2019/dsa-4451

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://github.com/glennrp/libpng/issues/275

Trust: 2.0

url:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803

Trust: 2.0

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2019:1269

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:1267

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:1310

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2494

Trust: 1.8

url:https://seclists.org/bugtraq/2019/apr/30

Trust: 1.7

url:https://seclists.org/bugtraq/2019/apr/36

Trust: 1.7

url:https://usn.ubuntu.com/3991-1/

Trust: 1.7

url:https://seclists.org/bugtraq/2019/may/56

Trust: 1.7

url:https://seclists.org/bugtraq/2019/may/59

Trust: 1.7

url:https://www.debian.org/security/2019/dsa-4448

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:1265

Trust: 1.7

url:https://seclists.org/bugtraq/2019/may/67

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html

Trust: 1.7

url:https://usn.ubuntu.com/3997-1/

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:1309

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:1308

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20190719-0005/

Trust: 1.7

url:https://usn.ubuntu.com/4080-1/

Trust: 1.7

url:https://usn.ubuntu.com/4083-1/

Trust: 1.7

url:https://security.gentoo.org/glsa/201908-02

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2495

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2585

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2590

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2592

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2737

Trust: 1.7

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03977en_us

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2019-7317

Trust: 1.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-7317

Trust: 1.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1672409

Trust: 0.9

url:https://github.com/glennrp/libpng/issues/275exploitissue trackingthird party advisory

Trust: 0.6

url:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803mailing listthird party advisory

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193060-1.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1096270

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106139

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106487

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106553

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106493

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79850

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4381/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1107879

Trust: 0.6

url:https://packetstormsecurity.com/files/152702/ubuntu-security-notice-usn-3962-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79998

Trust: 0.6

url:https://packetstormsecurity.com/files/152664/debian-security-advisory-4435-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-6/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1138432

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4293/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4466/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1074382

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1137448

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0775/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042108

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1877/

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-18511

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9820

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11698

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11691

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9819

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9800

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9817

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9797

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-5798

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11693

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11692

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9816

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9817

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11698

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9797

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11692

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11693

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9819

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-18511

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9820

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9800

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11691

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-5798

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9816

Trust: 0.2

url:https://www.mozilla.org/en-us/security/advisories/mfsa2019-14/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59551

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3962-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-2ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-1ubuntu0.18.04.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2816

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2816

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2769

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/thunderbird

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2019-15/

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14048

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7317

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14550

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14048

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

sources: VULMON: CVE-2019-7317 // BID: 108098 // PACKETSTORM: 152702 // PACKETSTORM: 154069 // PACKETSTORM: 153067 // PACKETSTORM: 153087 // PACKETSTORM: 153158 // PACKETSTORM: 152561 // PACKETSTORM: 153065 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

CREDITS

Ubuntu,Debian,Slackware Security Team

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

SOURCES

db:VULMONid:CVE-2019-7317
db:BIDid:108098
db:PACKETSTORMid:152702
db:PACKETSTORMid:154069
db:PACKETSTORMid:153067
db:PACKETSTORMid:153087
db:PACKETSTORMid:153158
db:PACKETSTORMid:152561
db:PACKETSTORMid:153065
db:CNNVDid:CNNVD-201902-012
db:NVDid:CVE-2019-7317

LAST UPDATE DATE

2024-11-07T22:03:56.540000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2019-7317date:2022-05-23T00:00:00
db:BIDid:108098date:2019-01-25T00:00:00
db:CNNVDid:CNNVD-201902-012date:2021-10-20T00:00:00
db:NVDid:CVE-2019-7317date:2024-10-21T13:55:03.510

SOURCES RELEASE DATE

db:VULMONid:CVE-2019-7317date:2019-02-04T00:00:00
db:BIDid:108098date:2019-01-25T00:00:00
db:PACKETSTORMid:152702date:2019-05-01T16:22:22
db:PACKETSTORMid:154069date:2019-08-15T20:14:50
db:PACKETSTORMid:153067date:2019-05-23T16:56:40
db:PACKETSTORMid:153087date:2019-05-24T23:22:22
db:PACKETSTORMid:153158date:2019-06-03T14:02:22
db:PACKETSTORMid:152561date:2019-04-18T13:08:16
db:PACKETSTORMid:153065date:2019-05-23T16:55:38
db:CNNVDid:CNNVD-201902-012date:2019-02-04T00:00:00
db:NVDid:CVE-2019-7317date:2019-02-04T08:29:00.447