CVE-2018-13785

Published: 09 July 2018

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package / Release / Status

libpng (Launchpad, Ubuntu, Debian)
  Upstream: Needs triage
  Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
  Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (code not present)
  Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not present)

libpng1.6 (Launchpad, Ubuntu, Debian)
  Upstream: Released (1.6.34-2)
  Ubuntu 18.04 LTS (Bionic Beaver): Released (1.6.34-1ubuntu0.18.04.1)
  Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Patches:
Other: https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2

Notes

Author: leosilva
Note: could not reproduce with xenial version also;
xenial version doesn't have the affected code.
From the comments, it was tested in a xenial release, but
the bug was found using a different version from git/upstream.
