libpng png_image_free Use-After-Free Vulnerability (CVE-2019-7317)

Published: 2019-09-04
Updated: 2019-09-06

Affected systems:
libpng libpng 1.6.x < 1.6.37
Description:
BUGTRAQ  ID: 108098
CVE(CAN) ID: CVE-2019-7317

libpng is the PNG reference library, which supports creating, reading and writing PNG image files.

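In libpng 1.6.x versions before 1.6.37, png_image_free in png.c contains a use-after-free vulnerability. An attacker can exploit it with a specially crafted file to cause a denial of service.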

<*Source: vendor
  *>

Recommendation:
Vendor patch:

libpng
------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:

http://libpng.sourceforge.net/

References:
BID:108098
URL:http://www.securityfocus.com/bid/108098
BUGTRAQ:20190417 [slackware-security] libpng (SSA:2019-107-01)
URL:https://seclists.org/bugtraq/2019/Apr/30
BUGTRAQ:20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update
URL:https://seclists.org/bugtraq/2019/Apr/36
BUGTRAQ:20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)
URL:https://seclists.org/bugtraq/2019/May/56
BUGTRAQ:20190523 [SECURITY] [DSA 4448-1] firefox-esr security update
URL:https://seclists.org/bugtraq/2019/May/59
BUGTRAQ:20190527 [SECURITY] [DSA 4451-1] thunderbird security update
URL:https://seclists.org/bugtraq/2019/May/67
CONFIRM:https://security.netapp.com/advisory/ntap-20190719-0005/
DEBIAN:DSA-4435
URL:https://www.debian.org/security/2019/dsa-4435
DEBIAN:DSA-4448
URL:https://www.debian.org/security/2019/dsa-4448
DEBIAN:DSA-4451
URL:https://www.debian.org/security/2019/dsa-4451
GENTOO:GLSA-201908-02
URL:https://security.gentoo.org/glsa/201908-02
MISC:http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
MISC:https://github.com/glennrp/libpng/issues/275
MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MLIST:[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update
URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html
MLIST:[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update
URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
REDHAT:RHSA-2019:1265
URL:https://access.redhat.com/errata/RHSA-2019:1265
REDHAT:RHSA-2019:1267
URL:https://access.redhat.com/errata/RHSA-2019:1267
REDHAT:RHSA-2019:1269
URL:https://access.redhat.com/errata/RHSA-2019:1269
REDHAT:RHSA-2019:1308
URL:https://access.redhat.com/errata/RHSA-2019:1308
REDHAT:RHSA-2019:1309
URL:https://access.redhat.com/errata/RHSA-2019:1309
REDHAT:RHSA-2019:1310
URL:https://access.redhat.com/errata/RHSA-2019:1310
REDHAT:RHSA-2019:2494
URL:https://access.redhat.com/errata/RHSA-2019:2494
REDHAT:RHSA-2019:2495
URL:https://access.redhat.com/errata/RHSA-2019:2495
REDHAT:RHSA-2019:2585
URL:https://access.redhat.com/errata/RHSA-2019:2585
REDHAT:RHSA-2019:2590
URL:https://access.redhat.com/errata/RHSA-2019:2590
REDHAT:RHSA-2019:2592
URL:https://access.redhat.com/errata/RHSA-2019:2592
SUSE:openSUSE-SU-2019:1484
URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
SUSE:openSUSE-SU-2019:1534
URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
SUSE:openSUSE-SU-2019:1664
URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
SUSE:openSUSE-SU-2019:1912
URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
SUSE:openSUSE-SU-2019:1916
URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
UBUNTU:USN-3962-1
URL:https://usn.ubuntu.com/3962-1/
UBUNTU:USN-3991-1
URL:https://usn.ubuntu.com/3991-1/
UBUNTU:USN-3997-1
URL:https://usn.ubuntu.com/3997-1/
UBUNTU:USN-4080-1
URL:https://usn.ubuntu.com/4080-1/
UBUNTU:USN-4083-1
URL:https://usn.ubuntu.com/4083-1/

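This vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.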