CVE-2018-13785

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

medium 6.5 CVSS 3.1

Published: Jul 9, 2018

Modified: May 29, 2026

Vendor: Libpng

Product: Libpng

Versions: 1.6.34,14.04,16.04,17.10,18.04,1.6.0,1.7.0,1.8.0,11.0.0,6.0

Description

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/105599
http://www.securitytracker.com/id/1041889
https://access.redhat.com/errata/RHSA-2018:3000
https://access.redhat.com/errata/RHSA-2018:3001
https://access.redhat.com/errata/RHSA-2018:3002
https://access.redhat.com/errata/RHSA-2018:3003
https://access.redhat.com/errata/RHSA-2018:3007
https://access.redhat.com/errata/RHSA-2018:3008
https://access.redhat.com/errata/RHSA-2018:3533

Related CVEs

CVSS Breakdown

Version	3.1
Score	6.5 / 10
Severity	medium

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Weakness (CWE)

CWE-190

Affected Product

Vendor	Libpng
Product	Libpng
Versions	1.6.34,14.04,16.04,17.10,18.04,1.6.0,1.7.0,1.8.0,11.0.0,6.0