CVE-2019-7317

NameCVE-2019-7317
Descriptionpng_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1800-1, DLA-1806-1, DSA-4435-1, DSA-4448-1, DSA-4451-1
Debian Bugs921355

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid138.0.4-1fixed
firefox-esr (PTS)bullseye115.14.0esr-1~deb11u1fixed
bullseye (security)128.10.1esr-1~deb11u1fixed
bookworm128.10.0esr-1~deb12u1fixed
bookworm (security)128.10.1esr-1~deb12u1fixed
sid, trixie128.10.1esr-1fixed
libpng1.6 (PTS)bullseye1.6.37-3fixed
bookworm1.6.39-2fixed
sid, trixie1.6.48-1fixed
thunderbird (PTS)bullseye1:115.12.0-1~deb11u1fixed
bullseye (security)1:128.10.1esr-1~deb11u1fixed
bookworm1:128.10.0esr-1~deb12u1fixed
bookworm (security)1:128.10.1esr-1~deb12u1fixed
trixie1:128.10.0esr-1fixed
sid1:128.10.1esr-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsourceexperimental67.0-1
firefoxsource(unstable)67.0-2
firefox-esrsourcejessie60.7.0esr-1~deb8u1DLA-1800-1
firefox-esrsourcestretch60.7.0esr-1~deb9u1DSA-4448-1
firefox-esrsource(unstable)60.7.0esr-1
libpngsourcejessie(not affected)
libpngsource(unstable)(unfixed)
libpng1.6sourcestretch1.6.28-1+deb9u1DSA-4435-1
libpng1.6source(unstable)1.6.36-4921355
thunderbirdsourcejessie1:60.7.0-1~deb8u1DLA-1806-1
thunderbirdsourcestretch1:60.7.0-1~deb9u1DSA-4451-1
thunderbirdsource(unstable)1:60.7.0-1

Notes

[jessie] - libpng <not-affected> (Vulnerable code not present)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
https://github.com/glennrp/libpng/issues/275
https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-7317
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-7317
Search for package or bug name: Reporting problems