Candidate: CVE-2018-14048
PublicDate: 2018-07-13 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048
 https://github.com/fouzhe/security/tree/master/libpng
Description:
 An issue has been found in libpng 1.6.34. It is a SEGV in the function
 png_free_data in png.c, related to the recommended error handling for
 png_read_image.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/glennrp/libpng/issues/238
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_libpng:
upstream_libpng: needs-triage
precise/esm_libpng: ignored (end of ESM support, was needed)
trusty_libpng: ignored (reached end-of-life)
trusty/esm_libpng: needed
xenial_libpng: ignored (end of standard support, was needed)
esm-infra/xenial_libpng: needed
artful_libpng: DNE
bionic_libpng: DNE
cosmic_libpng: DNE
disco_libpng: DNE
eoan_libpng: DNE
focal_libpng: DNE
groovy_libpng: DNE
hirsute_libpng: DNE
impish_libpng: DNE
jammy_libpng: DNE
devel_libpng: DNE

Patches_libpng1.6:
upstream_libpng1.6: released (1.6.37)
precise/esm_libpng1.6: DNE
trusty_libpng1.6: DNE
trusty/esm_libpng1.6: DNE
xenial_libpng1.6: ignored (end of standard support, was needed)
artful_libpng1.6: ignored (reached end-of-life)
bionic_libpng1.6: needed
cosmic_libpng1.6: ignored (reached end-of-life)
disco_libpng1.6: ignored (reached end-of-life)
eoan_libpng1.6: not-affected (1.6.37-1)
focal_libpng1.6: not-affected (1.6.37-1)
groovy_libpng1.6: not-affected (1.6.37-1)
hirsute_libpng1.6: not-affected (1.6.37-1)
impish_libpng1.6: not-affected (1.6.37-1)
jammy_libpng1.6: not-affected (1.6.37-1)
devel_libpng1.6: not-affected (1.6.37-1)