CVE-2019-7317: png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

medium5.3CVSS 3.1

AVNACHPRNUIRSUCNINAH

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

61 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	firefox	< firefox 67.0-2 (sid)	firefox 67.0-2 (sid)
debian	firefox-esr	< firefox 67.0-2 (sid)	firefox 67.0-2 (sid)
debian	libpng1.6	< firefox 67.0-2 (sid)	firefox 67.0-2 (sid)
debian	thunderbird	< firefox 67.0-2 (sid)	firefox 67.0-2 (sid)
hp	xp7_command_view	< 8.7.0-00	8.7.0-00
hpe	xp7_command_view_advanced_edition_suite	< 8.7.0-00	8.7.0-00
libpng	libpng	>= 1.6.0 < 1.6.37	1.6.37
mozilla	firefox	>= 0 < 67.0+build2-0ubuntu0.16.04.1	67.0+build2-0ubuntu0.16.04.1
mozilla	firefox	>= 0 < 67.0.2+build2-0ubuntu0.16.04.1	67.0.2+build2-0ubuntu0.16.04.1
mozilla	firefox	>= 0 < 67.0.1+build1-0ubuntu0.16.04.1	67.0.1+build1-0ubuntu0.16.04.1
mozilla	firefox	>= 0 < 67.0+build2-0ubuntu0.18.04.1	67.0+build2-0ubuntu0.18.04.1
mozilla	firefox	>= 0 < 67.0.2+build2-0ubuntu0.18.04.1	67.0.2+build2-0ubuntu0.18.04.1
mozilla	firefox	>= 0 < 67.0.1+build1-0ubuntu0.18.04.1	67.0.1+build1-0ubuntu0.18.04.1
mozilla	thunderbird	>= 0 < 1:60.7.0-1	1:60.7.0-1
mozilla	thunderbird	>= 0 < 1:60.7.0-1	1:60.7.0-1
mozilla	thunderbird	>= 0 < 1:60.7.0-1	1:60.7.0-1
mozilla	thunderbird	>= 0 < 1:60.7.0-1	1:60.7.0-1
mozilla	thunderbird	>= 0 < 1:60.7.0+build1-0ubuntu0.16.04.1	1:60.7.0+build1-0ubuntu0.16.04.1
mozilla	thunderbird	>= 0 < 1:60.7.0+build1-0ubuntu0.18.04.1	1:60.7.0+build1-0ubuntu0.18.04.1

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

osv9.8CRITICAL