Description

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

Remediation

References

CVE-2018-13785

Related Vulnerabilities

WordPress Plugin VDZ Google Analytics or Google Tag Manager/GTM Cross-Site Scripting (1.5.5)

Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2023-33949)

Adminer 4.6.2 file disclosure vulnerability

Jenkins Observable Discrepancy Vulnerability (CVE-2022-34174)

WordPress Plugin HashThemes Demo Importer Security Bypass (1.1.1)

Severity

Medium

Classification

CVE-2018-13785 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities