VAR-201902-0855
Vulnerability from variot - Updated: 2026-03-09 23:19png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. libpng is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. libpng version 1.6.36 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: thunderbird security update Advisory ID: RHSA-2019:1309-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1309 Issue date: 2019-06-03 CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 =====================================================================
- Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le
- Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.7.0.
Security Fix(es):
-
Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)
-
Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)
-
Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
-
Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
-
Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
-
Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
-
Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)
-
Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)
-
mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)
-
chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
-
Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)
-
libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: thunderbird-60.7.0-1.el7_6.src.rpm
x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source: thunderbird-60.7.0-1.el7_6.src.rpm
ppc64le: thunderbird-60.7.0-1.el7_6.ppc64le.rpm thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm
x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
Source: thunderbird-60.7.0-1.el7_6.src.rpm
aarch64: thunderbird-60.7.0-1.el7_6.aarch64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.aarch64.rpm
ppc64le: thunderbird-60.7.0-1.el7_6.ppc64le.rpm thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: thunderbird-60.7.0-1.el7_6.src.rpm
x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-18511 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-9797 https://access.redhat.com/security/cve/CVE-2019-9800 https://access.redhat.com/security/cve/CVE-2019-9817 https://access.redhat.com/security/cve/CVE-2019-9819 https://access.redhat.com/security/cve/CVE-2019-9820 https://access.redhat.com/security/cve/CVE-2019-11691 https://access.redhat.com/security/cve/CVE-2019-11692 https://access.redhat.com/security/cve/CVE-2019-11693 https://access.redhat.com/security/cve/CVE-2019-11698 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXPWIu9zjgjWX9erEAQg21w//Z7v1kJQho28efeI70LrXGp/n0Hlj5i2m JwhPrwWDnz5BH5WbYrPIch/2CTL7znXR6v5rjisXoFhtvoSme3LPStyijp+bMXGr FtKnWFJRVt87gWZ8NwvY/mtwCjpIXSOCkAdEe6Rk+crG4gtBRct32ZDfcH+6U1Km cPpoguI0Q4cd/KZ4yiyFgUG66k0vBZ/mqUch480+vtlNkiO5JhZzPapTMEr5C9Ay qKmn6A98z3eVOpligYZ/5nAC4HfY6AhQp4CWFPijmvobJzq1a9z0XH4L9KeQk6RA laW0+rzw9NcsSk4c5WMWlcl9YzzYSr663av26VIKwgUnMEGjmBKstSUfgYIBgu3j ROMrVlHl2BTPJNrGtW0arWLo2pC0qCKEwcMGo8aisyNBLMc9QXFP4CCjf6uVtpU7 VYfHz3bwfokj7R9dFDh3dDTmyrLeAWkoDckEmo59XEfXaA1u7E/QEAnxA4h9wCb3 TU1frVhktXSh4lPO5JYIE4cpT50MJEyt2FPsSfQaL+q2EUMNlxR5IckSDx+sFicn jSelaqnOEpJQSle2bLWAQmGgWeMMkyHbRReCjRMBYPt0F/qbFiKIvRJISEYlVb9L xpnYw8aTMn5OFxH2BCT/+mVniOhZYqPK8CfEF2dTKZ7hYtzammrzndSZf2ifG574 3/xegYaen8Q= =TKs0 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64
- ========================================================================== Ubuntu Security Notice USN-3991-2 June 06, 2019
firefox regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-3991-1 caused a regression in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821)
It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697)
It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698)
A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. 7) - x86_64
- Description:
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Security Fix(es):
-
IBM JDK: Out-of-bounds access in the String.getBytes method (CVE-2019-11772)
-
IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775)
-
OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
-
OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
-
OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)
-
OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)
-
libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) 1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518) 1730255 - CVE-2019-2786 OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) 1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) 1738547 - CVE-2019-11772 IBM JDK: Out-of-bounds access in the String.getBytes method 1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] libpng (SSA:2019-107-01)
New libpng packages are available for Slackware 14.2 and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libpng-1.6.37-i586-1_slack14.2.txz: Upgraded. Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. Fixed a memory leak in pngtest.c. Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in contrib/pngminus; refactor. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.37-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.37-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.37-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.37-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.2 package: 829f6c020ad10fe9b09e94bceb7fae26 libpng-1.6.37-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: e141813a42551a3c31df15b8495dc1a3 libpng-1.6.37-x86_64-1_slack14.2.txz
Slackware -current package: 0f711d15bd85893a02f398b95b7d3f06 l/libpng-1.6.37-i586-1.txz
Slackware x86_64 -current package: d8bdd5c1a73fa487c5f1a1a4b3ec2f63 l/libpng-1.6.37-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg libpng-1.6.37-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "package hub",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": null
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.8"
},
{
"_id": null,
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "hyperion infrastructure technology",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.6.0"
},
{
"_id": null,
"model": "xp7 command view advanced edition suite",
"scope": "lt",
"trust": 1.0,
"vendor": "hpe",
"version": "8.7.0-00"
},
{
"_id": null,
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "3.4.2"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8u212"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "9.6"
},
{
"_id": null,
"model": "e-series santricity storage manager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "11.53"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.37"
},
{
"_id": null,
"model": "e-series santricity management",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "steelstore",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3.9"
},
{
"_id": null,
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "mysql",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"_id": null,
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "9.6"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "oncommand workflow automation",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "5.1"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"_id": null,
"model": "e-series santricity web services",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "snapmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "3.4.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "e-series santricity unified manager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "3.2"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7u221"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "plug-in for symantec netbackup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "xp7 command view",
"scope": "lt",
"trust": 1.0,
"vendor": "hp",
"version": "8.7.0-00"
},
{
"_id": null,
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "\u65e5\u7acb\u30a2\u30c9\u30d0\u30f3\u30b9\u30c8\u30b5\u30fc\u30d0 ha8000v \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi infrastructure analytics advisor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi replication manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi global link manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi tiered storage manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi dynamic link manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi compute systems manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "libpng",
"scope": null,
"trust": 0.8,
"vendor": "png group",
"version": null
},
{
"_id": null,
"model": "hitachi device manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi automation director",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.36"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.37"
}
],
"sources": [
{
"db": "BID",
"id": "108098"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"credits": {
"_id": null,
"data": "Ubuntu,Debian,Slackware Security Team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7317",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2019-7317",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"id": "CVE-2019-7317",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7317",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7317",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-7317",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-012",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-7317",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"description": {
"_id": null,
"data": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. libpng is prone to a denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. \nlibpng version 1.6.36 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: thunderbird security update\nAdvisory ID: RHSA-2019:1309-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1309\nIssue date: 2019-06-03\nCVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 \n CVE-2019-9797 CVE-2019-9800 CVE-2019-9817 \n CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 \n CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 \n=====================================================================\n\n1. Summary:\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le\n\n3. Description:\n\nMozilla Thunderbird is a standalone mail and newsgroup client. \n\nThis update upgrades Thunderbird to version 60.7.0. \n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager\n(CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext\n(CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks\nto and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c\n1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext\n1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia\n1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest\n1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager\n1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux\n1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap\n1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas\n1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API\n1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nthunderbird-60.7.0-1.el7_6.src.rpm\n\nx86_64:\nthunderbird-60.7.0-1.el7_6.x86_64.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nSource:\nthunderbird-60.7.0-1.el7_6.src.rpm\n\nppc64le:\nthunderbird-60.7.0-1.el7_6.ppc64le.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm\n\nx86_64:\nthunderbird-60.7.0-1.el7_6.x86_64.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\nSource:\nthunderbird-60.7.0-1.el7_6.src.rpm\n\naarch64:\nthunderbird-60.7.0-1.el7_6.aarch64.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.aarch64.rpm\n\nppc64le:\nthunderbird-60.7.0-1.el7_6.ppc64le.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nthunderbird-60.7.0-1.el7_6.src.rpm\n\nx86_64:\nthunderbird-60.7.0-1.el7_6.x86_64.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-18511\nhttps://access.redhat.com/security/cve/CVE-2019-5798\nhttps://access.redhat.com/security/cve/CVE-2019-7317\nhttps://access.redhat.com/security/cve/CVE-2019-9797\nhttps://access.redhat.com/security/cve/CVE-2019-9800\nhttps://access.redhat.com/security/cve/CVE-2019-9817\nhttps://access.redhat.com/security/cve/CVE-2019-9819\nhttps://access.redhat.com/security/cve/CVE-2019-9820\nhttps://access.redhat.com/security/cve/CVE-2019-11691\nhttps://access.redhat.com/security/cve/CVE-2019-11692\nhttps://access.redhat.com/security/cve/CVE-2019-11693\nhttps://access.redhat.com/security/cve/CVE-2019-11698\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-15/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXPWIu9zjgjWX9erEAQg21w//Z7v1kJQho28efeI70LrXGp/n0Hlj5i2m\nJwhPrwWDnz5BH5WbYrPIch/2CTL7znXR6v5rjisXoFhtvoSme3LPStyijp+bMXGr\nFtKnWFJRVt87gWZ8NwvY/mtwCjpIXSOCkAdEe6Rk+crG4gtBRct32ZDfcH+6U1Km\ncPpoguI0Q4cd/KZ4yiyFgUG66k0vBZ/mqUch480+vtlNkiO5JhZzPapTMEr5C9Ay\nqKmn6A98z3eVOpligYZ/5nAC4HfY6AhQp4CWFPijmvobJzq1a9z0XH4L9KeQk6RA\nlaW0+rzw9NcsSk4c5WMWlcl9YzzYSr663av26VIKwgUnMEGjmBKstSUfgYIBgu3j\nROMrVlHl2BTPJNrGtW0arWLo2pC0qCKEwcMGo8aisyNBLMc9QXFP4CCjf6uVtpU7\nVYfHz3bwfokj7R9dFDh3dDTmyrLeAWkoDckEmo59XEfXaA1u7E/QEAnxA4h9wCb3\nTU1frVhktXSh4lPO5JYIE4cpT50MJEyt2FPsSfQaL+q2EUMNlxR5IckSDx+sFicn\njSelaqnOEpJQSle2bLWAQmGgWeMMkyHbRReCjRMBYPt0F/qbFiKIvRJISEYlVb9L\nxpnYw8aTMn5OFxH2BCT/+mVniOhZYqPK8CfEF2dTKZ7hYtzammrzndSZf2ifG574\n3/xegYaen8Q=\n=TKs0\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6) - i386, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-3991-2\nJune 06, 2019\n\nfirefox regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-3991-1 caused a regression in Firefox. The update caused a\nregression which resulted in issues when upgrading between Ubuntu\nreleases. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Multiple security issues were discovered in Firefox. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit these to cause a denial of service, spoof the browser\n UI, trick the user in to launching local executable binaries, obtain\n sensitive information, conduct cross-site scripting (XSS) attacks, or\n execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,\n CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701,\n CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819,\n CVE-2019-9820, CVE-2019-9821)\n \n It was discovered that pressing certain key combinations could bypass\n addon installation prompt delays. If a user opened a specially crafted\n website, an attacker could potentially exploit this to trick them in to\n installing a malicious extension. (CVE-2019-11697)\n \n It was discovered that history data could be exposed via drag and drop\n of hyperlinks to and from bookmarks. If a user were tricked in to dragging\n a specially crafted hyperlink to the bookmark toolbar or sidebar, and\n subsequently back in to the web content area, an attacker could\n potentially exploit this to obtain sensitive information. (CVE-2019-11698)\n \n A type confusion bug was discovered with object groups and UnboxedObjects. \n If a user were tricked in to opening a specially crafted website after\n enabling the UnboxedObjects feature, an attacker could potentially\n exploit this to bypass security checks. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 7) - x86_64\n\n3. Description:\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nSecurity Fix(es):\n\n* IBM JDK: Out-of-bounds access in the String.getBytes method\n(CVE-2019-11772)\n\n* IBM JDK: Failure to privatize a value pulled out of the loop by\nversioning (CVE-2019-11775)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization\n(Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c\n1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)\n1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518)\n1730255 - CVE-2019-2786 OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381)\n1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)\n1738547 - CVE-2019-11772 IBM JDK: Out-of-bounds access in the String.getBytes method\n1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning\n\n6. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] libpng (SSA:2019-107-01)\n\nNew libpng packages are available for Slackware 14.2 and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/libpng-1.6.37-i586-1_slack14.2.txz: Upgraded. \n Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. \n Fixed a memory leak in pngtest.c. \n Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in\n contrib/pngminus; refactor. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.37-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.37-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.37-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.37-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 package:\n829f6c020ad10fe9b09e94bceb7fae26 libpng-1.6.37-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\ne141813a42551a3c31df15b8495dc1a3 libpng-1.6.37-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n0f711d15bd85893a02f398b95b7d3f06 l/libpng-1.6.37-i586-1.txz\n\nSlackware x86_64 -current package:\nd8bdd5c1a73fa487c5f1a1a4b3ec2f63 l/libpng-1.6.37-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg libpng-1.6.37-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "BID",
"id": "108098"
},
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "154285"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "153067"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "152561"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-7317",
"trust": 4.3
},
{
"db": "BID",
"id": "108098",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "152561",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152664",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152702",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1877",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1491",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4466",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0775",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1454",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4293",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4381",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042108",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-7317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153157",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154285",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153212",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153067",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154457",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154282",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "BID",
"id": "108098"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "154285"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "153067"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "152561"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"id": "VAR-201902-0855",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.23809524
},
"last_update_date": "2026-03-09T23:19:31.919000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2019-116 Software product security information",
"trust": 0.8,
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"title": "Debian CVElist Bug Report Logs: libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.c",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ef2bbc82329f4e3dd9e23c0137af2a7b"
},
{
"title": "Ubuntu Security Notice: libpng1.6 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3962-1"
},
{
"title": "Debian Security Advisories: DSA-4435-1 libpng1.6 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d60ba88361ab9afdcad18ca2a106ac3b"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192494 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192495 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201904-10] libpng: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201904-10"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192737 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-7317",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-7317"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192585 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192590 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192592 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-7317"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191308 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191310 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191265 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191269 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191309 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-lts vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4083-1"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191267 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4080-1"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3997-1"
},
{
"title": "Debian Security Advisories: DSA-4451-1 thunderbird -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1cf7f39c2c474666174a69cf97b06740"
},
{
"title": "Ubuntu Security Notice: firefox regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3991-3"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=61e62f4d9c861153c6391afc0ec560a4"
},
{
"title": "Debian Security Advisories: DSA-4448-1 firefox-esr -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e2d9ccf571c31c1011ad31af2798140f"
},
{
"title": "Ubuntu Security Notice: firefox regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3991-2"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3991-1"
},
{
"title": "Arch Linux Advisories: [ASA-201905-8] thunderbird: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-8"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1246",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1246"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2019-14",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2019-14"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4a8e20a238934bc47ca332a3c76cc9c3"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager and Hitachi Infrastructure Analytics Advisor",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-117"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=acad3ac1b2767940a01b72ed1b51586b"
},
{
"title": "Arch Linux Advisories: [ASA-201905-9] firefox: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-9"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-116"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1229"
},
{
"title": "Mozilla: Security vulnerabilities fixed in Firefox ESR 60.7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=554d832b08166d6d04a53f3c421e7f9b"
},
{
"title": "IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU \u2013 Jul 2019 \u2013 Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=de7b9859dff396513e72da22ffc4ab3e"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2019-15",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2019-15"
},
{
"title": "Mozilla: Security vulnerabilities fixed in Thunderbird 60.7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=198e3a670ab8c803584e801da3919e61"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=836b059f33e614408bd51705b325caaf"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b352b6737bfbf2a62b0a2201928e8963"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ad5c6091de269fb79e0c4d1c06b0846"
},
{
"title": "Mozilla: Security vulnerabilities fixed in Firefox 67",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=730fce689efe63b7de803de0d8794796"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2019-13",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2019-13"
},
{
"title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-z",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ef3e54cc5cdc194f0526779f9480f89"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/152561/slackware-security-advisory-libpng-updates.html"
},
{
"trust": 2.6,
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/108098"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7317"
},
{
"trust": 2.0,
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"trust": 2.0,
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1269"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1309"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2585"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2592"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2737"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/apr/30"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/apr/36"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/may/56"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/may/59"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:1265"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:1267"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/may/67"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:1310"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:1308"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2494"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2495"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2590"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbst03977en_us"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/security/cve/cve-2019-7317"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672409"
},
{
"trust": 0.6,
"url": "https://github.com/glennrp/libpng/issues/275exploitissue trackingthird party advisory"
},
{
"trust": 0.6,
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803mailing listthird party advisory"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193060-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1096270"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106139"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106487"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106553"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106493"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79850"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4381/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1107879"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152702/ubuntu-security-notice-usn-3962-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79998"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152664/debian-security-advisory-4435-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-6/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1138432"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4293/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4466/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1074382"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137448"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0775/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042108"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1877/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9820"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11698"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-11775"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11772"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2786"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-11772"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2786"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2769"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2769"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11775"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2816"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2816"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9817"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18511"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11691"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9819"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11692"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9817"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11693"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9819"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-18511"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9820"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11692"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9800"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11691"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9816"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2019-15/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11697"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1830096"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3991-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.19.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.10.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11695"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3991-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9816"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2019-14/"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14048"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7317"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14550"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14048"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "BID",
"id": "108098"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "154285"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "153067"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "152561"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2019-7317",
"ident": null
},
{
"db": "BID",
"id": "108098",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153157",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154285",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153212",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153067",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154457",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154282",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152561",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-7317",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7317",
"ident": null
},
{
"date": "2019-01-25T00:00:00",
"db": "BID",
"id": "108098",
"ident": null
},
{
"date": "2019-06-03T14:44:44",
"db": "PACKETSTORM",
"id": "153157",
"ident": null
},
{
"date": "2019-09-02T17:41:04",
"db": "PACKETSTORM",
"id": "154285",
"ident": null
},
{
"date": "2019-06-06T17:02:22",
"db": "PACKETSTORM",
"id": "153212",
"ident": null
},
{
"date": "2019-05-23T16:56:40",
"db": "PACKETSTORM",
"id": "153067",
"ident": null
},
{
"date": "2019-09-11T19:58:39",
"db": "PACKETSTORM",
"id": "154457",
"ident": null
},
{
"date": "2019-09-02T17:37:20",
"db": "PACKETSTORM",
"id": "154282",
"ident": null
},
{
"date": "2019-04-18T13:08:16",
"db": "PACKETSTORM",
"id": "152561",
"ident": null
},
{
"date": "2019-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-012",
"ident": null
},
{
"date": "2019-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001545",
"ident": null
},
{
"date": "2019-02-04T08:29:00.447000",
"db": "NVD",
"id": "CVE-2019-7317",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7317",
"ident": null
},
{
"date": "2019-01-25T00:00:00",
"db": "BID",
"id": "108098",
"ident": null
},
{
"date": "2021-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-012",
"ident": null
},
{
"date": "2022-07-05T03:02:00",
"db": "JVNDB",
"id": "JVNDB-2019-001545",
"ident": null
},
{
"date": "2024-11-21T04:48:00.033000",
"db": "NVD",
"id": "CVE-2019-7317",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "libpng\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.