MGASA-2018-0468

Source
https://advisories.mageia.org/MGASA-2018-0468.html
Import Source
https://advisories.mageia.org/MGASA-2018-0468.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0468
Published
2018-11-27T15:26:11Z
Modified
2018-11-27T15:02:05Z
Summary
Updated libpng(12) packages fix security vulnerability
Details

In libpng until version 1.6.35, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. (CVE-2018-13785)

This update fixes it, also providing the current maintenance releases in the 1.2 and 1.6 stable branches.

Affected packages

Mageia:6 / libpng

Package

Name
libpng
Purl
pkg:rpm/mageia/libpng?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.6.35-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / libpng12

Package

Name
libpng12
Purl
pkg:rpm/mageia/libpng12?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.59-1.mga6

Ecosystem specific

{
    "section": "core"
}