CVE-2019-17371

Note

bug is in gif2png, not libpng
vulnerability is in a non-setuid cli tool, negligible
security impact.

Package	Release	Status
gif2png Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Ignored (end of standard support)
	upstream	Needs triage
	xenial	Needs triage
libpng Launchpad, Ubuntu, Debian	bionic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Ignored
	upstream	Needs triage
	xenial	Ignored
libpng1.6 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (gif2png issue)
	disco	Not vulnerable (gif2png issue)
	eoan	Not vulnerable (gif2png issue)
	focal	Not vulnerable (gif2png issue)
	groovy	Not vulnerable (gif2png issue)
	hirsute	Not vulnerable (gif2png issue)
	impish	Not vulnerable (gif2png issue)
	jammy	Not vulnerable (gif2png issue)
	kinetic	Not vulnerable (gif2png issue)
	lunar	Not vulnerable (gif2png issue)
	mantic	Not vulnerable (gif2png issue)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (gif2png issue)

Notes

Author	Note
mdeslaur	bug is in gif2png, not libpng
sbeattie	vulnerability is in a non-setuid cli tool, negligible security impact.