Description

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

Remediation

References

CVE-2018-13785

Related Vulnerabilities

WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Scripting (3.1.23)

WordPress Plugin Accept Stripe Donation-AidWP Security Bypass (2.8)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.7.23)

WordPress 5.8.x Multiple Vulnerabilities (5.8 - 5.8.8)

WordPress Plugin SpiderCatalog SQL Injection (1.7.3)

Severity

Medium

Classification

CVE-2018-13785 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities