CVE-2018-13785

NameCVE-2018-13785
DescriptionIn libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs903430

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libpng1.6 (PTS)buster1.6.36-6fixed
bullseye1.6.37-3fixed
bookworm, sid1.6.39-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpng1.6sourcestretch(not affected)
libpng1.6source(unstable)1.6.34-2903430

Notes

[stretch] - libpng1.6 <not-affected> (Issue with wrong calculation of row_factor introduced after 1.6.32beta08)
https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
https://sourceforge.net/p/libpng/bugs/278/
Search for package or bug name: Reporting problems