[GLSA-201908-02] libpng: Multiple vulnerabilities
Multiple vulnerabilities have been found in libpng, the worst of which could result in a Denial of Service condition.
Background
libpng is a standard library used to process PNG (Portable Network
Graphics) images. It is used by several programs, including web browsers
and potentially server processes.
Description
Multiple vulnerabilities have been discovered in libpng. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker, by enticing a user to process a specially crafted PNG
file, could cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All libpng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.37"
Package | Affected Version |
---|---|
pkg:ebuild/media-libs/libpng?distro=gentoo | < 1.6.37 |
Package | Unaffected Version |
---|---|
pkg:ebuild/media-libs/libpng?distro=gentoo | >= 1.6.37 |
- ID
- GLSA-201908-02
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/201908-02
- Published
-
2019-08-03T00:00:00
(5 years ago) - Modified
-
2019-08-03T00:00:00
(5 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
-
- ALAS2-2019-1229
- ALAS2-2019-1246
- ALPINE:CVE-2018-14048
- ALPINE:CVE-2018-14550
- ALPINE:CVE-2019-7317
- ASA-201904-10
- ASA-201905-8
- ASA-201905-9
- DSA-4435-1
- DSA-4448-1
- DSA-4451-1
- ELSA-2019-1265
- ELSA-2019-1267
- ELSA-2019-1269
- ELSA-2019-1308
- ELSA-2019-1309
- ELSA-2019-1310
- FEDORA-2019-335c3ad86a
- FREEBSD:44B6DFBF-4EF7-4D52-AD52-2B1B05D81272
- MFSA-2019-13
- MFSA-2019-14
- MFSA-2019-15
- openSUSE-SU-2019:1530-1
- openSUSE-SU-2019:1534-1
- openSUSE-SU-2019:1664-1
- openSUSE-SU-2019:1912-1
- openSUSE-SU-2019:1916-1
- RHSA-2019:1265
- RHSA-2019:1267
- RHSA-2019:1269
- RHSA-2019:1308
- RHSA-2019:1309
- RHSA-2019:1310
- RHSA-2019:2494
- RHSA-2019:2495
- RHSA-2019:2585
- RHSA-2019:2590
- RHSA-2019:2592
- SSA:2019-107-01
- SSA:2019-141-01
- SUSE-SU-2019:1388-1
- SUSE-SU-2019:1398-1
- SUSE-SU-2019:1398-2
- SUSE-SU-2019:1405-1
- SUSE-SU-2019:1458-1
- SUSE-SU-2019:2002-1
- SUSE-SU-2019:2021-1
- SUSE-SU-2019:2028-1
- SUSE-SU-2019:2036-1
- SUSE-SU-2019:2036-2
- SUSE-SU-2019:2291-1
- SUSE-SU-2019:2336-1
- SUSE-SU-2019:2371-1
- SUSE-SU-2019:3060-2
- USN-3962-1
- USN-3991-1
- USN-3997-1
- USN-4080-1
- USN-4083-1
- USN-5432-1
- USN-5432-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2018-14048 | CVE-2018-14048 | https://nvd.nist.gov/vuln/detail/CVE-2018-14048 |
CVE | CVE-2018-14550 | CVE-2018-14550 | https://nvd.nist.gov/vuln/detail/CVE-2018-14550 |
CVE | CVE-2019-7317 | CVE-2019-7317 | https://nvd.nist.gov/vuln/detail/CVE-2019-7317 |
Bugzilla | 683366 | Bugzilla #683366 | https://bugs.gentoo.org/show_bug.cgi?id=683366 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |