Vulnerability Database

CVE-2018-13785

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

  • Published: Jul 9, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-13785
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected software:

Software                               From             Fixed in
libpng / libpng                        1.6.34           1.6.34.x
canonical / ubuntu_linux               16.04            16.04.x
canonical / ubuntu_linux               14.04            14.04.x
canonical / ubuntu_linux               17.10            17.10.x
canonical / ubuntu_linux               18.04            18.04.x
oracle / jdk                           11.0.0           11.0.0.x
oracle / jre                           11.0.0           11.0.0.x
oracle / jdk                           1.8.0-update181  1.8.0-update181.x
oracle / jdk                           1.7.0-update191  1.7.0-update191.x
oracle / jdk                           1.6.0-update201  1.6.0-update201.x
oracle / jre                           1.6.0-update201  1.6.0-update201.x
oracle / jre                           1.7.0-update191  1.7.0-update191.x
oracle / jre                           1.8.0-update181  1.8.0-update181.x
redhat / enterprise_linux_desktop      7.0              7.0.x
redhat / enterprise_linux_workstation  7.0              7.0.x
redhat / enterprise_linux_server       7.0              7.0.x
redhat / enterprise_linux_desktop      6.0              6.0.x
redhat / enterprise_linux_server       6.0              6.0.x
redhat / enterprise_linux_workstation  6.0              6.0.x