CVE-2018-13785 in Ubuntu

CVE-2018-13785

Priority

Description

In libpng 1.6.34, a wrong calculation of row_factor in the
png_check_chunk_length function (pngrutil.c) may trigger an integer
overflow and resultant divide-by-zero while processing a crafted PNG file,
leading to a denial of service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785
https://sourceforge.net/p/libpng/bugs/278/
https://ubuntu.com/security/notices/USN-3712-1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430

Assigned-to

leosilva

Notes

leosilva

could not reproduce with xenial version also
xenial version hasn't the code affected.
From the comments, it was tested in a xenial release, but
bug was found using a different version from git/upstream.

Package

Source: libpng (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 16.04 ESM:	not-affected (code not present)
Ubuntu 14.04 ESM:	not-affected (code not present)

Patches:

Package

Source: libpng1.6 (LP Ubuntu Debian)

Upstream:	released (1.6.34-2)
Ubuntu 18.04 LTS:	released (1.6.34-1ubuntu0.18.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Other:

https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2

More Information

Updated: 2022-04-13 13:19:22 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)