cve/2019/CVE-2019-7317.md

CVE-2019-7317

Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

POC

Reference

• http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
• https://usn.ubuntu.com/3991-1/
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/arindam0310018/04-Apr-2022-DevOps__Scan-Images-In-ACR-Using-Trivy