Description
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Remediation
References
Related Vulnerabilities
WordPress Plugin OSM-OpenStreetMap SQL Injection (6.0.2)
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5593)
WordPress Plugin ImageLinks Interactive Image Builder for WordPress Cross-Site Scripting (1.5.2)
WordPress Plugin LOGIN AND REGISTRATION ATTEMPTS LIMIT Cross-Site Request Forgery (2.1)
Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2024-26267)