Description

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

Remediation

References

CVE-2018-13785

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.26)

MediaWiki Other Vulnerability (CVE-2012-5395)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-5301)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.14)

Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.1.9)

Severity

Medium

Classification

CVE-2018-13785 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities