OSA-2019-7317-jan2023

Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (libpng)). Supported versions that are affected are Prior to 21.0.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H).