CVE-2019-17371

Note

bug is in gif2png, not libpng
vulnerability is in a non-setuid cli tool, negligible
security impact.

Package	Release	Status
libpng Launchpad, Ubuntu, Debian	bionic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	upstream	Needs triage
	impish	Does not exist
	kinetic	Does not exist
	trusty	Ignored
	jammy	Does not exist
	xenial	Ignored
	lunar	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	mantic	Does not exist
libpng1.6 Launchpad, Ubuntu, Debian	disco	Not vulnerable (gif2png issue)
	eoan	Not vulnerable (gif2png issue)
	kinetic	Not vulnerable (gif2png issue)
	xenial	Not vulnerable (gif2png issue)
	jammy	Not vulnerable (gif2png issue)
	lunar	Not vulnerable (gif2png issue)
	bionic	Not vulnerable (gif2png issue)
	focal	Not vulnerable (gif2png issue)
	groovy	Not vulnerable (gif2png issue)
	hirsute	Not vulnerable (gif2png issue)
	impish	Not vulnerable (gif2png issue)
	trusty	Does not exist
	upstream	Needs triage
	mantic	Not vulnerable (gif2png issue)
gif2png Launchpad, Ubuntu, Debian	kinetic	Does not exist
	bionic	Needs triage
	focal	Does not exist
	xenial	Needs triage
	jammy	Does not exist
	lunar	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	trusty	Ignored (end of standard support)
	upstream	Needs triage
	mantic	Does not exist

Notes

Author	Note
mdeslaur	bug is in gif2png, not libpng
sbeattie	vulnerability is in a non-setuid cli tool, negligible security impact.