CVE-2019-6129

MEDIUM(6.5)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Risk Signal Score16/100 — NIEDRIG

CVSS 6.5 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.5

Technische Schwere

Beschreibung

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.

Referenzen

https://github.com/glennrp/libpng/issues/269
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://github.com/glennrp/libpng/issues/269
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html