pngimagefree in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because pngimagefreefunction is called under pngsafe_execute.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "8.7.0-00"
}
],
"vendor_product": "hp:xp7_command_view",
"cpes": [
"cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*"
],
"source": "CPE_RANGE"
},
{
"extracted_events": [
{
"fixed": "8.7.0-00"
}
],
"vendor_product": "hpe:xp7_command_view_advanced_edition_suite",
"cpes": [
"cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE"
},
{
"extracted_events": [
{
"fixed": "9.6"
},
{
"fixed": "9.6"
}
],
"source": "CPE_RANGE",
"vendor_product": "netapp:active_iq_unified_manager",
"cpes": [
"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"
]
},
{
"extracted_events": [
{
"fixed": "11.53"
}
],
"vendor_product": "netapp:e-series_santricity_storage_manager",
"cpes": [
"cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE"
},
{
"extracted_events": [
{
"fixed": "3.2"
}
],
"source": "CPE_RANGE",
"vendor_product": "netapp:e-series_santricity_unified_manager",
"cpes": [
"cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "4.0"
}
],
"source": "CPE_RANGE",
"vendor_product": "netapp:e-series_santricity_web_services",
"cpes": [
"cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*"
]
},
{
"extracted_events": [
{
"fixed": "7.3.9"
}
],
"cpes": [
"cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"vendor_product": "netapp:oncommand_insight"
},
{
"extracted_events": [
{
"fixed": "5.1"
}
],
"vendor_product": "netapp:oncommand_workflow_automation",
"cpes": [
"cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE"
},
{
"extracted_events": [
{
"fixed": "3.4.2"
},
{
"fixed": "3.4.2"
}
],
"cpes": [
"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*",
"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*"
],
"source": "CPE_RANGE",
"vendor_product": "netapp:snapmanager"
},
{
"extracted_events": [
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
},
{
"introduced": "18.10"
},
{
"last_affected": "18.10"
},
{
"introduced": "19.04"
},
{
"last_affected": "19.04"
}
],
"source": "CPE_STRING",
"vendor_product": "canonical:ubuntu_linux",
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
},
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux",
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "9.6"
},
{
"last_affected": "9.6"
},
{
"introduced": "9.6"
},
{
"last_affected": "9.6"
}
],
"cpes": [
"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*",
"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*"
],
"source": "CPE_STRING",
"vendor_product": "netapp:active_iq_unified_manager"
},
{
"extracted_events": [
{
"introduced": "3.4.2-p1"
},
{
"last_affected": "3.4.2-p1"
},
{
"introduced": "3.4.2-p1"
},
{
"last_affected": "3.4.2-p1"
}
],
"vendor_product": "netapp:snapmanager",
"cpes": [
"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*",
"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "15.0"
},
{
"last_affected": "15.0"
},
{
"introduced": "15.1"
},
{
"last_affected": "15.1"
},
{
"introduced": "42.3"
},
{
"last_affected": "42.3"
}
],
"cpes": [
"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"
],
"vendor_product": "opensuse:leap",
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "11.2.6.0"
},
{
"last_affected": "11.2.6.0"
}
],
"cpes": [
"cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "oracle:hyperion_infrastructure_technology"
},
{
"extracted_events": [
{
"introduced": "7u221"
},
{
"last_affected": "7u221"
},
{
"introduced": "8u212"
},
{
"last_affected": "8u212"
}
],
"cpes": [
"cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:java_se",
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "11.0.3"
},
{
"last_affected": "11.0.3"
},
{
"introduced": "12.0.1"
},
{
"last_affected": "12.0.1"
}
],
"cpes": [
"cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:jdk",
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "6.0"
},
{
"last_affected": "6.0"
},
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
},
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
],
"vendor_product": "redhat:enterprise_linux",
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "6.0"
},
{
"last_affected": "6.0"
},
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux_desktop",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "6.0"
},
{
"last_affected": "6.0"
},
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
},
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_for_ibm_z_systems"
},
{
"extracted_events": [
{
"introduced": "6.0"
},
{
"last_affected": "6.0"
},
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_for_power_big_endian"
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
},
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*"
],
"vendor_product": "redhat:enterprise_linux_for_power_little_endian",
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "6.0"
},
{
"last_affected": "6.0"
},
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux_for_scientific_computing",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "6.0"
},
{
"last_affected": "6.0"
},
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
],
"vendor_product": "redhat:enterprise_linux_workstation",
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "5.8"
},
{
"last_affected": "5.8"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:satellite",
"cpes": [
"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*"
]
}
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "8.0.23"
}
],
"cpe": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}