Details of VAR-201902-0855

ID

VAR-201902-0855

CVE

CVE-2019-7317

TITLE

libpng Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

DESCRIPTION

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. libpng version 1.6.36 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2019:1309-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1309 Issue date: 2019-06-03 CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: thunderbird-60.7.0-1.el7_6.src.rpm x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-60.7.0-1.el7_6.src.rpm ppc64le: thunderbird-60.7.0-1.el7_6.ppc64le.rpm thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): Source: thunderbird-60.7.0-1.el7_6.src.rpm aarch64: thunderbird-60.7.0-1.el7_6.aarch64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.aarch64.rpm ppc64le: thunderbird-60.7.0-1.el7_6.ppc64le.rpm thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: thunderbird-60.7.0-1.el7_6.src.rpm x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-18511 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-9797 https://access.redhat.com/security/cve/CVE-2019-9800 https://access.redhat.com/security/cve/CVE-2019-9817 https://access.redhat.com/security/cve/CVE-2019-9819 https://access.redhat.com/security/cve/CVE-2019-9820 https://access.redhat.com/security/cve/CVE-2019-11691 https://access.redhat.com/security/cve/CVE-2019-11692 https://access.redhat.com/security/cve/CVE-2019-11693 https://access.redhat.com/security/cve/CVE-2019-11698 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXPWIu9zjgjWX9erEAQg21w//Z7v1kJQho28efeI70LrXGp/n0Hlj5i2m JwhPrwWDnz5BH5WbYrPIch/2CTL7znXR6v5rjisXoFhtvoSme3LPStyijp+bMXGr FtKnWFJRVt87gWZ8NwvY/mtwCjpIXSOCkAdEe6Rk+crG4gtBRct32ZDfcH+6U1Km cPpoguI0Q4cd/KZ4yiyFgUG66k0vBZ/mqUch480+vtlNkiO5JhZzPapTMEr5C9Ay qKmn6A98z3eVOpligYZ/5nAC4HfY6AhQp4CWFPijmvobJzq1a9z0XH4L9KeQk6RA laW0+rzw9NcsSk4c5WMWlcl9YzzYSr663av26VIKwgUnMEGjmBKstSUfgYIBgu3j ROMrVlHl2BTPJNrGtW0arWLo2pC0qCKEwcMGo8aisyNBLMc9QXFP4CCjf6uVtpU7 VYfHz3bwfokj7R9dFDh3dDTmyrLeAWkoDckEmo59XEfXaA1u7E/QEAnxA4h9wCb3 TU1frVhktXSh4lPO5JYIE4cpT50MJEyt2FPsSfQaL+q2EUMNlxR5IckSDx+sFicn jSelaqnOEpJQSle2bLWAQmGgWeMMkyHbRReCjRMBYPt0F/qbFiKIvRJISEYlVb9L xpnYw8aTMn5OFxH2BCT/+mVniOhZYqPK8CfEF2dTKZ7hYtzammrzndSZf2ifG574 3/xegYaen8Q= =TKs0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. 7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fix(es): * IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) 1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518) 1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) 1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning 6. ========================================================================= Ubuntu Security Notice USN-4080-1 July 31, 2019 openjdk-8 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-8: Open Source Java implementation Details: Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. (CVE-2019-2745) It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762) It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769) It was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786) Jonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816) Nati Nimni discovered that the Java Cryptography Extension component in OpenJDK did not properly perform array bounds checking in some situations. An attacker could use this to cause a denial of service. (CVE-2019-2842) It was discovered that OpenJDK incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: openjdk-8-jdk 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jdk-headless 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-headless 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-jamvm 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-zero 8u222-b10-1ubuntu1~16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4435-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libpng1.6 CVE ID : CVE-2019-7317 Debian Bug : 921355 A use-after-free vulnerability was discovered in the png_image_free() function in the libpng PNG library, which could lead to denial of service or potentially the execution of arbitrary code if a malformed image is processed. For the stable distribution (stretch), this problem has been fixed in version 1.6.28-1+deb9u1. We recommend that you upgrade your libpng1.6 packages. For the detailed security status of libpng1.6 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libpng1.6 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlzECBJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Txww//aZy+AZ6sloDpGd6f8r2C5/9DsbwGLdpNsJSVaA7jX6OWKWfb+UMb7vwz fz8jUhFZFrjD8DtF1fyrhO5yzbnFGMGSd8HpfOP7aNfBQBnud0jwnVlmTRiB4idq bKC5SEhjjU7SlGBNZ7vfrM2AbaPEp+ge08O6Pd7YpeV7JbwSHEEDLpLaPLFkLyik h2zb7efpHRew0QmVfi6HcIf5jAKBz2G4JTIKD9tHrfWcVBOpehmCGV8VJ9Hx0ean J+VkhDn1ix1M686spf+OuG8GGgdmWaR5IA3Mp9Arz52Mxq83660G4ji1cMcltZa/ Hlb9pntp8Mlz8uQ71FUcy/RZmZiqDXy49SHCA1Dt+EnE5vcHi1LXLopnOHdqo14B xjW88ME7gzAtHTyup2UFOS93mVmklGytmPUixXEiWo8GMazJvlPvvFqoAmB1igeY BD2wa1exgZgS6UpmOXmsKYfOeFjRYY3muqtF5zme4Az0OYxr5UzB5kvDuUm3SHhA WXysaVYyq7eFuhXT95gSQgKfUVZIC6AeOZ/jSJ7HcEex8oj71KyHjbbHFr5Lfx3g fsLeD59kj8ovTrx02/e2LcSpuXqZDLcbipJlhAiUItSQf0vJK+DUbgZ0r6GjdInO 78W1KDDUpmXk4uGEWae/bR/HuoAZV26Y5VX8Pd6TaU59oif8/sQ= =jInk -----END PGP SIGNATURE-----

Trust: 1.98

sources: NVD: CVE-2019-7317 // BID: 108098 // VULMON: CVE-2019-7317 // PACKETSTORM: 153157 // PACKETSTORM: 154069 // PACKETSTORM: 153212 // PACKETSTORM: 153067 // PACKETSTORM: 154068 // PACKETSTORM: 153836 // PACKETSTORM: 154282 // PACKETSTORM: 152664

AFFECTED PRODUCTS

vendor:	opensuse	model:	package hub	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for scientific computing	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	satellite	scope:	eq	version:	5.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for scientific computing	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	hyperion infrastructure technology	scope:	eq	version:	11.2.6.0	Trust: 1.0
vendor:	hpe	model:	xp7 command view advanced edition suite	scope:	lt	version:	8.7.0-00	Trust: 1.0
vendor:	netapp	model:	snapmanager	scope:	eq	version:	3.4.2	Trust: 1.0
vendor:	oracle	model:	java se	scope:	eq	version:	8u212	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	lt	version:	9.6	Trust: 1.0
vendor:	netapp	model:	e-series santricity storage manager	scope:	lt	version:	11.53	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	lt	version:	1.6.37	Trust: 1.0
vendor:	netapp	model:	e-series santricity management	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	netapp	model:	steelstore	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	gte	version:	1.6.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	lt	version:	7.3.9	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lt	version:	8.0.23	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	12.0.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	42.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	9.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	lt	version:	5.1	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity web services	scope:	lt	version:	4.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	6.0	Trust: 1.0
vendor:	netapp	model:	snapmanager	scope:	lt	version:	3.4.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity unified manager	scope:	lt	version:	3.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	oracle	model:	java se	scope:	eq	version:	7u221	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	7.0	Trust: 1.0
vendor:	netapp	model:	plug-in for symantec netbackup	scope:	eq	version:	-	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	hp	model:	xp7 command view	scope:	lt	version:	8.7.0-00	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian	scope:	eq	version:	7.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.36	Trust: 0.3
vendor:	libpng	model:	libpng	scope:	ne	version:	1.6.37	Trust: 0.3

sources: BID: 108098 // NVD: CVE-2019-7317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7317
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201902-012
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-7317
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-7317
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2019-7317
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2019-7317 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.0

sources: NVD: CVE-2019-7317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

PATCH

title:	Debian CVElist Bug Report Logs: libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.c	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ef2bbc82329f4e3dd9e23c0137af2a7b	Trust: 0.1
title:	Ubuntu Security Notice: libpng1.6 vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3962-1	Trust: 0.1
title:	Debian Security Advisories: DSA-4435-1 libpng1.6 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d60ba88361ab9afdcad18ca2a106ac3b	Trust: 0.1
title:	Red Hat: Important: java-1.7.1-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192494 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.7.1-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192495 - Security Advisory	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201904-10] libpng: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201904-10	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192737 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2019-7317	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-7317	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192585 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192590 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192592 - Security Advisory	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-7317	Trust: 0.1
title:	Red Hat: Important: thunderbird security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191308 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: thunderbird security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191310 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: firefox security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191265 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: firefox security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191269 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: thunderbird security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191309 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-lts vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4083-1	Trust: 0.1
title:	Red Hat: Critical: firefox security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191267 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-8 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4080-1	Trust: 0.1
title:	Ubuntu Security Notice: thunderbird vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3997-1	Trust: 0.1
title:	Debian Security Advisories: DSA-4451-1 thunderbird -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=1cf7f39c2c474666174a69cf97b06740	Trust: 0.1
title:	Ubuntu Security Notice: firefox regression	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-3	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=61e62f4d9c861153c6391afc0ec560a4	Trust: 0.1
title:	Debian Security Advisories: DSA-4448-1 firefox-esr -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=e2d9ccf571c31c1011ad31af2798140f	Trust: 0.1
title:	Ubuntu Security Notice: firefox regression	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-2	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3991-1	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201905-8] thunderbird: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-8	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1246	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1246	Trust: 0.1
title:	Mozilla: Mozilla Foundation Security Advisory 2019-14	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-14	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4a8e20a238934bc47ca332a3c76cc9c3	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager and Hitachi Infrastructure Analytics Advisor	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-117	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=acad3ac1b2767940a01b72ed1b51586b	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201905-9] firefox: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-9	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-116	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1229	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1229	Trust: 0.1
title:	Mozilla: Security vulnerabilities fixed in Firefox ESR 60.7	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=554d832b08166d6d04a53f3c421e7f9b	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2019 – Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=de7b9859dff396513e72da22ffc4ab3e	Trust: 0.1
title:	Mozilla: Mozilla Foundation Security Advisory 2019-15	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-15	Trust: 0.1
title:	Mozilla: Security vulnerabilities fixed in Thunderbird 60.7	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=198e3a670ab8c803584e801da3919e61	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=836b059f33e614408bd51705b325caaf	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b352b6737bfbf2a62b0a2201928e8963	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ad5c6091de269fb79e0c4d1c06b0846	Trust: 0.1
title:	Mozilla: Security vulnerabilities fixed in Firefox 67	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=730fce689efe63b7de803de0d8794796	Trust: 0.1
title:	Mozilla: Mozilla Foundation Security Advisory 2019-13	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2019-13	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-z	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ef3e54cc5cdc194f0526779f9480f89	Trust: 0.1

sources: VULMON: CVE-2019-7317

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7317	Trust: 2.8
db:	BID	id:	108098	Trust: 2.0
db:	PACKETSTORM	id:	152561	Trust: 1.7
db:	PACKETSTORM	id:	152664	Trust: 0.7
db:	PACKETSTORM	id:	152702	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1877	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1491	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4466	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0775	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1454	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4293	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4381	Trust: 0.6
db:	CS-HELP	id:	SB2021042108	Trust: 0.6
db:	CNNVD	id:	CNNVD-201902-012	Trust: 0.6
db:	VULMON	id:	CVE-2019-7317	Trust: 0.1
db:	PACKETSTORM	id:	153157	Trust: 0.1
db:	PACKETSTORM	id:	154069	Trust: 0.1
db:	PACKETSTORM	id:	153212	Trust: 0.1
db:	PACKETSTORM	id:	153067	Trust: 0.1
db:	PACKETSTORM	id:	154068	Trust: 0.1
db:	PACKETSTORM	id:	153836	Trust: 0.1
db:	PACKETSTORM	id:	154282	Trust: 0.1

sources: VULMON: CVE-2019-7317 // BID: 108098 // PACKETSTORM: 153157 // PACKETSTORM: 154069 // PACKETSTORM: 153212 // PACKETSTORM: 153067 // PACKETSTORM: 154068 // PACKETSTORM: 153836 // PACKETSTORM: 154282 // PACKETSTORM: 152664 // CNNVD: CNNVD-201902-012 // NVD: CVE-2019-7317

REFERENCES

url:	http://packetstormsecurity.com/files/152561/slackware-security-advisory-libpng-updates.html	Trust: 2.9
url:	https://www.debian.org/security/2019/dsa-4435	Trust: 2.6
url:	https://usn.ubuntu.com/3962-1/	Trust: 2.4
url:	http://www.securityfocus.com/bid/108098	Trust: 2.4
url:	https://www.debian.org/security/2019/dsa-4451	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.3
url:	https://github.com/glennrp/libpng/issues/275	Trust: 2.0
url:	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803	Trust: 2.0
url:	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Trust: 2.0
url:	https://access.redhat.com/errata/rhsa-2019:1269	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1309	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2494	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2495	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2585	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/apr/30	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/apr/36	Trust: 1.7
url:	https://usn.ubuntu.com/3991-1/	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/may/56	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/may/59	Trust: 1.7
url:	https://www.debian.org/security/2019/dsa-4448	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:1265	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:1267	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/may/67	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html	Trust: 1.7
url:	https://usn.ubuntu.com/3997-1/	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:1310	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:1308	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190719-0005/	Trust: 1.7
url:	https://usn.ubuntu.com/4080-1/	Trust: 1.7
url:	https://usn.ubuntu.com/4083-1/	Trust: 1.7
url:	https://security.gentoo.org/glsa/201908-02	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2590	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2592	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2737	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03977en_us	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2019-7317	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7317	Trust: 1.4
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1672409	Trust: 0.9
url:	https://github.com/glennrp/libpng/issues/275exploitissue trackingthird party advisory	Trust: 0.6
url:	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803mailing listthird party advisory	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193060-1.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1096270	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106139	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106487	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106553	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106493	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79850	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4381/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1107879	Trust: 0.6
url:	https://packetstormsecurity.com/files/152702/ubuntu-security-notice-usn-3962-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79998	Trust: 0.6
url:	https://packetstormsecurity.com/files/152664/debian-security-advisory-4435-1.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-6/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1138432	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4293/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4466/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1074382	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1137448	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0775/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042108	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1877/	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2762	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2816	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2769	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9820	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11698	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11775	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11775	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-2762	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-2816	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-2769	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9817	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18511	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-11698	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9797	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11691	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9819	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-11692	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9800	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9817	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9797	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-11693	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5798	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11693	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9819	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-18511	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9820	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11692	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9800	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-11691	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-5798	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9816	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2786	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=59551	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2019-15/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11697	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.16.04.1	Trust: 0.1
url:	https://launchpad.net/bugs/1830096	Trust: 0.1
url:	https://usn.ubuntu.com/3991-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.19.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.10.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11695	Trust: 0.1
url:	https://usn.ubuntu.com/3991-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.04.1	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9816	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2019-14/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2745	Trust: 0.1
url:	https://usn.ubuntu.com/4080-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2842	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-8/8u222-b10-1ubuntu1~16.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11772	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11772	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-2786	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/libpng1.6	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1

CREDITS

Ubuntu,Debian,Slackware Security Team

Trust: 0.6

sources: CNNVD: CNNVD-201902-012

SOURCES

db:	VULMON	id:	CVE-2019-7317
db:	BID	id:	108098
db:	PACKETSTORM	id:	153157
db:	PACKETSTORM	id:	154069
db:	PACKETSTORM	id:	153212
db:	PACKETSTORM	id:	153067
db:	PACKETSTORM	id:	154068
db:	PACKETSTORM	id:	153836
db:	PACKETSTORM	id:	154282
db:	PACKETSTORM	id:	152664
db:	CNNVD	id:	CNNVD-201902-012
db:	NVD	id:	CVE-2019-7317

LAST UPDATE DATE

2025-12-22T20:31:40.066000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-7317	date:	2022-05-23T00:00:00
db:	BID	id:	108098	date:	2019-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201902-012	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2019-7317	date:	2024-11-21T04:48:00.033

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-7317	date:	2019-02-04T00:00:00
db:	BID	id:	108098	date:	2019-01-25T00:00:00
db:	PACKETSTORM	id:	153157	date:	2019-06-03T14:44:44
db:	PACKETSTORM	id:	154069	date:	2019-08-15T20:14:50
db:	PACKETSTORM	id:	153212	date:	2019-06-06T17:02:22
db:	PACKETSTORM	id:	153067	date:	2019-05-23T16:56:40
db:	PACKETSTORM	id:	154068	date:	2019-08-15T20:14:24
db:	PACKETSTORM	id:	153836	date:	2019-07-31T14:59:30
db:	PACKETSTORM	id:	154282	date:	2019-09-02T17:37:20
db:	PACKETSTORM	id:	152664	date:	2019-04-29T17:22:22
db:	CNNVD	id:	CNNVD-201902-012	date:	2019-02-04T00:00:00
db:	NVD	id:	CVE-2019-7317	date:	2019-02-04T08:29:00.447