CVE-2019-6129: Missing Release of Memory after Effective Lifetime in Libpng

Severity
6.5 MEDIUM (NVD)
EPSS
0.3%
top 48.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 11
Latest update: May 13

Description

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

NVD: libpng/libpng 1.6.36

🔴 Vulnerability Details

3
GHSA
GHSA-rrr4-g4q4-hgr3: ** DISPUTED ** png_create_info_struct in png (2022-05-13)
CVEList
CVE-2019-6129: png_create_info_struct in png (2019-01-11)
OSV
CVE-2019-6129: png_create_info_struct in png (2019-01-11)

📋 Vendor Advisories

2
Red Hat
libpng: memory leak of png_info struct in pngcp.c (2019-01-11)
Debian
CVE-2019-6129: libpng1.6 - png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstra... (2019)

💬 Community

8
Bugzilla
CVE-2019-6129 libpng15: libpng: memory leak in function png_create_info_struct in png.c [fedora-all] (2019-01-17)
Bugzilla
CVE-2019-6129 libpng: memory leak in function png_create_info_struct in png.c [fedora-all] (2019-01-17)
Bugzilla
CVE-2019-6129 mingw-libpng: libpng: memory leak in function png_create_info_struct in png.c [epel-7] (2019-01-17)
Bugzilla
CVE-2019-6129 libpng10: libpng: memory leak in function png_create_info_struct in png.c [fedora-all] (2019-01-17)
Bugzilla
CVE-2019-6129 mingw-libpng: libpng: memory leak in function png_create_info_struct in png.c [fedora-all] (2019-01-17)