Your submission was sent successfully! Close

CVE-2018-13785

Published: 9 July 2018

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
libpng
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
libpng1.6
Launchpad, Ubuntu, Debian
artful
Released (1.6.34-1ubuntu0.17.10.1)
bionic
Released (1.6.34-1ubuntu0.18.04.1)
precise Does not exist

trusty Does not exist

upstream
Released (1.6.34-2)
xenial Not vulnerable

Notes

AuthorNote
leosilva
could not reproduce with xenial version also
xenial version hasn't the code affected.
From the comments, it was tested in a xenial release, but
bug was found using a different version from git/upstream.

References

Bugs