Bug 1608073 - (CVE-2018-14048) CVE-2018-14048 libpng: Segmentation fault in png.c:png_free_data function causing denial of service
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
impact=low,public=20180712,reported=2...
Keywords: Security
Depends On: 1608074 1608076 1608077 1608078 1608080 1608075 1608079 1608082 1608846
Blocks: 1608081
Reported: 2018-07-24 19:01 EDT by Laura Pardo
Modified: 2018-10-19 06:19 EDT

Last Closed: 2018-10-19 06:19:53 EDT
Description Laura Pardo 2018-07-24 19:01:01 EDT
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.


References:
https://github.com/glennrp/libpng/issues/238
https://github.com/fouzhe/security/tree/master/libpng
Comment 1 Laura Pardo 2018-07-24 19:02:19 EDT
Created libpng tracking bugs for this issue:

Affects: fedora-all [bug 1608074]


Created libpng10 tracking bugs for this issue:

Affects: epel-6 [bug 1608082]
Affects: fedora-all [bug 1608075]


Created libpng12 tracking bugs for this issue:

Affects: fedora-all [bug 1608076]


Created libpng15 tracking bugs for this issue:

Affects: fedora-all [bug 1608077]


Created mingw-libpng tracking bugs for this issue:

Affects: epel-7 [bug 1608080]
Affects: fedora-all [bug 1608078]
Comment 4 Adam Mariš 2018-08-01 03:53:09 EDT
Statement:

This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.
Comment 5 Adam Mariš 2018-10-19 06:16:54 EDT
This seems to be an intersection bug - the way pngwriter uses libpng can cause a segmentation fault. Using libpng alone, the issue has not been observed. We do not ship pngwriter in any Red Hat product.
