Vulnerability Details : CVE-2018-13785
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2018-13785
Probability of exploitation activity in the next 30 days: 1.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-13785
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
[email protected] |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
[email protected] |
CWE ids for CVE-2018-13785
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: [email protected] (Primary)
-
The product divides a value by zero.Assigned by: [email protected] (Primary)
References for CVE-2018-13785
-
https://access.redhat.com/errata/RHSA-2018:3007
Third Party Advisory
-
http://www.securitytracker.com/id/1041889
Broken Link;Third Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2018:3002
Third Party Advisory
-
http://www.securityfocus.com/bid/105599
Broken Link;Third Party Advisory;VDB Entry
-
https://usn.ubuntu.com/3712-1/
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3001
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3672
Third Party Advisory
-
https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3533
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3534
Third Party Advisory
-
https://security.gentoo.org/glsa/201908-10
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3671
Third Party Advisory
-
https://sourceforge.net/p/libpng/bugs/278/
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3008
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3003
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3852
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3779
Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20181018-0001/
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3000
Third Party Advisory
Products affected by CVE-2018-13785
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*