Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1599943 - (CVE-2018-13785) CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service
CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngru...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20180405,reported=2...
: Security
Depends On: 1599948 1599949 1599944 1599945 1599946 1599947 1599950 1599951 1599952
Blocks: 1599953
  Show dependency treegraph
 
Reported: 2018-07-10 21:31 EDT by Sam Fowler
Modified: 2018-10-24 18:07 EDT (History)
18 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3000 None None None 2018-10-24 18:05 EDT
Red Hat Product Errata RHSA-2018:3001 None None None 2018-10-24 18:06 EDT
Red Hat Product Errata RHSA-2018:3002 None None None 2018-10-24 18:06 EDT
Red Hat Product Errata RHSA-2018:3003 None None None 2018-10-24 18:07 EDT
Red Hat Product Errata RHSA-2018:3007 None None None 2018-10-24 17:38 EDT
Red Hat Product Errata RHSA-2018:3008 None None None 2018-10-24 17:40 EDT

  None (edit)
Description Sam Fowler 2018-07-10 21:31:49 EDT 
libpng through version 1.6.34 is vulnerable to an integer overflow and resultant divide-by-zero in the pngrutil.c:png_check_chunk_length() function. An attacker could exploit this to cause a denial of service via crafted PNG file.


Upstream Bug:

https://sourceforge.net/p/libpng/bugs/278/


Upstream Patch:

https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
Comment 1 Sam Fowler 2018-07-10 21:33:10 EDT 
Created libpng tracking bugs for this issue:

Affects: fedora-all [bug 1599944]


Created libpng10 tracking bugs for this issue:

Affects: epel-6 [bug 1599950]
Affects: fedora-all [bug 1599945]


Created libpng12 tracking bugs for this issue:

Affects: fedora-all [bug 1599946]


Created libpng15 tracking bugs for this issue:

Affects: fedora-all [bug 1599947]


Created mingw-libpng tracking bugs for this issue:

Affects: epel-7 [bug 1599949]
Affects: fedora-all [bug 1599948]
Comment 2 Sam Fowler 2018-07-10 21:33:36 EDT 
The affected code was moved into pngrutil.c:png_check_chunk_length() in the below commit:

https://github.com/glennrp/libpng/commit/2dca15686fadb1b8951cb29b02bad4cae73448da
Comment 6 Scott Gayou 2018-07-16 17:07:01 EDT 
This does not appear to be reproducible on RHEL 7. The target calculation in png_check_chunk_length is not in the RHEL7 version.
Comment 7 errata-xmlrpc 2018-10-24 17:38:44 EDT 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3007
Comment 8 errata-xmlrpc 2018-10-24 17:40:03 EDT 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2018:3008 https://access.redhat.com/errata/RHSA-2018:3008
Comment 9 errata-xmlrpc 2018-10-24 18:05:30 EDT 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2018:3000 https://access.redhat.com/errata/RHSA-2018:3000
Comment 10 errata-xmlrpc 2018-10-24 18:06:05 EDT 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2018:3001 https://access.redhat.com/errata/RHSA-2018:3001
Comment 11 errata-xmlrpc 2018-10-24 18:06:35 EDT 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3002
Comment 12 errata-xmlrpc 2018-10-24 18:07:21 EDT 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3003
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.