In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
27 Jun 2022, 17:35
Type | Values Removed | Values Added |
---|---|---|
References | (SECTRACK) http://www.securitytracker.com/id/1041889 - Broken Link, Third Party Advisory, VDB Entry | |
References | (GENTOO) https://security.gentoo.org/glsa/201908-10 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/105599 - Broken Link, Third Party Advisory, VDB Entry |
13 May 2022, 14:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:jre:1.7.0:update_191:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.8.0:update_181:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:1.6.0:update_201:*:*:*:*:*:* |
cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:* |
Information
Published : 2018-07-09 13:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-13785
Mitre link : CVE-2018-13785
CVE.ORG link : CVE-2018-13785
JSON object : View
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_workstation
oracle
- jre
- jdk
libpng
- libpng
canonical
- ubuntu_linux