CVE-2018-13785 (retired)

Priority
Description
In libpng 1.6.34, a wrong calculation of row_factor in the
png_check_chunk_length function (pngrutil.c) may trigger an integer
overflow and resultant divide-by-zero while processing a crafted PNG file,
leading to a denial of service.
Notes
 leosilva> could not reproduce with xenial version also
 leosilva> xenial version doesn't have the affected code.
 leosilva> From the comments, it was tested in a xenial release, but
 leosilva> bug was found using a different version from git/upstream.
Assigned-to
leosilva
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: released (1.6.34-2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Ubuntu 18.04 LTS (Bionic Beaver): released (1.6.34-1ubuntu0.18.04.1)
Patches:
Other: https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2

Updated: 2019-09-19 16:05:37 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)