Advisories » MGASA-2019-0126

Updated libpng packages fix security vulnerability

Publication date: 05 Apr 2019
Modification date: 05 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-7317

Description

png_image_free in png.c in libpng 1.6.0 up to 1.6.36 had a use-after-free
because png_image_free_function is called under png_safe_execute
(CVE-2019-7317).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24353
• https://github.com/glennrp/libpng/issues/275
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317

SRPMS

6/core

• libpng-1.6.35-1.1.mga6