{"affected":[{"ecosystem_specific":{"binaries":[{"libpng16-16":"1.6.34-3.9.1","libpng16-16-32bit":"1.6.34-3.9.1","libpng16-compat-devel":"1.6.34-3.9.1","libpng16-devel":"1.6.34-3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"libpng16","purl":"pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.34-3.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libpng16 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when \n  png_image_free() was called under png_safe_execute (bsc#1124211).\n- CVE-2018-13785: Fixed a wrong calculation of row_factor in the\n  png_check_chunk_length function in pngrutil.c, which could haved triggered\n  and integer overflow and result in an divide-by-zero while processing a\n  crafted PNG file, leading to a denial of service (bsc#1100687)\n","id":"SUSE-SU-2019:1398-2","modified":"2019-07-05T11:03:58Z","published":"2019-07-05T11:03:58Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191398-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1100687"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121624"},{"type":"REPORT","url":"https://bugzilla.suse.com/1124211"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13785"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-7317"}],"related":["CVE-2018-13785","CVE-2019-7317"],"summary":"Security update for libpng16","upstream":["CVE-2018-13785","CVE-2019-7317"]}