libpng through version 1.6.34 is vulnerable to an integer overflow and resultant divide-by-zero in the pngrutil.c:png_check_chunk_length() function. An attacker could exploit this to cause a denial of service via a crafted PNG file.

Upstream Bug: https://sourceforge.net/p/libpng/bugs/278/

Upstream Patch: https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
Created libpng tracking bugs for this issue:
Affects: fedora-all [bug 1599944]

Created libpng10 tracking bugs for this issue:
Affects: epel-6 [bug 1599950]
Affects: fedora-all [bug 1599945]

Created libpng12 tracking bugs for this issue:
Affects: fedora-all [bug 1599946]

Created libpng15 tracking bugs for this issue:
Affects: fedora-all [bug 1599947]

Created mingw-libpng tracking bugs for this issue:
Affects: epel-7 [bug 1599949]
Affects: fedora-all [bug 1599948]
The affected code was moved into pngrutil.c:png_check_chunk_length() in the below commit: https://github.com/glennrp/libpng/commit/2dca15686fadb1b8951cb29b02bad4cae73448da
This does not appear to be reproducible on RHEL 7. The target calculation in png_check_chunk_length is not in the RHEL7 version.
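The bug class named in this report (an integer overflow that leaves a zero divisor), as an added illustration that is not libpng's code and does not come from this bug or its patch: a per-row factor computed in 32-bit arithmetic wraps to zero, next to a widened computation and a divisor check. The struct, function names and header values are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (hypothetical names), not libpng source. */
typedef struct {
    uint32_t width;
    uint32_t channels;   /* 1..4 */
    uint32_t bit_depth;  /* 1..16 */
    int interlaced;
} hdr_t;

/* Unsafe pattern: the whole expression is evaluated in 32 bits, so it can
 * wrap (even to 0) before the result reaches a wider variable. */
static uint64_t row_factor_wrapping(const hdr_t *h)
{
    uint32_t f = h->width * h->channels * (h->bit_depth > 8 ? 2u : 1u)
               + 1u + (h->interlaced ? 6u : 0u);
    return f;
}

/* Hardened pattern: widen before multiplying, so the factor is always >= 1. */
static uint64_t row_factor_widened(const hdr_t *h)
{
    return (uint64_t)h->width * h->channels * (h->bit_depth > 8 ? 2u : 1u)
         + 1u + (h->interlaced ? 6u : 0u);
}

/* Bound on height * factor. Rejects a zero divisor instead of trapping.
 * Returns 0 on success, -1 if the factor is unusable. */
static int data_limit(uint32_t height, uint64_t factor, uint64_t *limit)
{
    if (factor == 0)
        return -1;                      /* would be a divide-by-zero */
    if (height > UINT32_MAX / factor)
        *limit = INT32_MAX;             /* clamp to a 31-bit maximum */
    else
        *limit = (uint64_t)height * factor;
    return 0;
}

int main(void)
{
    hdr_t h = { 0x55555555u, 3, 8, 0 }; /* constructed header values */
    uint64_t lim = 0;
    printf("wrapping factor: %llu\n", (unsigned long long)row_factor_wrapping(&h));
    printf("widened factor:  %llu\n", (unsigned long long)row_factor_widened(&h));
    printf("limit check on wrapped factor: %d\n",
           data_limit(1, row_factor_wrapping(&h), &lim));
    return 0;
}
```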
This issue has been addressed in the following products:
  Oracle Java for Red Hat Enterprise Linux 7
Via RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3007

This issue has been addressed in the following products:
  Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2018:3008 https://access.redhat.com/errata/RHSA-2018:3008

This issue has been addressed in the following products:
  Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2018:3000 https://access.redhat.com/errata/RHSA-2018:3000

This issue has been addressed in the following products:
  Oracle Java for Red Hat Enterprise Linux 7
Via RHSA-2018:3001 https://access.redhat.com/errata/RHSA-2018:3001

This issue has been addressed in the following products:
  Oracle Java for Red Hat Enterprise Linux 7
Via RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3002

This issue has been addressed in the following products:
  Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3003

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:3533 https://access.redhat.com/errata/RHSA-2018:3533

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7 Supplementary
Via RHSA-2018:3534 https://access.redhat.com/errata/RHSA-2018:3534

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:3671 https://access.redhat.com/errata/RHSA-2018:3671

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7 Supplementary
Via RHSA-2018:3672 https://access.redhat.com/errata/RHSA-2018:3672

This issue has been addressed in the following products:
  Red Hat Satellite 5.6
  Red Hat Satellite 5.7
Via RHSA-2018:3779 https://access.redhat.com/errata/RHSA-2018:3779

This issue has been addressed in the following products:
  Red Hat Satellite 5.8
Via RHSA-2018:3852 https://access.redhat.com/errata/RHSA-2018:3852