Mageia 2019-0126: libpng security update
png_image_free in png.c in libpng 1.6.0 up to 1.6.36 had a use-after-free because png_image_free_function is called under png_safe_execute (CVE-2019-7317)
Summary
png_image_free in png.c in libpng 1.6.0 up to 1.6.36 had a use-after-free
because png_image_free_function is called under png_safe_execute
(CVE-2019-7317).
References
- https://bugs.mageia.org/show_bug.cgi?id=24353
- https://github.com/pnggroup/libpng/issues/275
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317
Resolution
MGASA-2019-0126 - Updated libpng packages fix security vulnerability
SRPMS
- 6/core/libpng-1.6.35-1.1.mga6
Severity
Publication date: 05 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0126.html
Type: security
CVE: CVE-2019-7317
