In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/105599
http://www.securitytracker.com/id/1041889
https://access.redhat.com/errata/RHSA-2018:3000
https://access.redhat.com/errata/RHSA-2018:3001
https://access.redhat.com/errata/RHSA-2018:3002
https://access.redhat.com/errata/RHSA-2018:3003
https://access.redhat.com/errata/RHSA-2018:3007
https://access.redhat.com/errata/RHSA-2018:3008
https://access.redhat.com/errata/RHSA-2018:3533
https://access.redhat.com/errata/RHSA-2018:3534
https://access.redhat.com/errata/RHSA-2018:3671
https://access.redhat.com/errata/RHSA-2018:3672
https://access.redhat.com/errata/RHSA-2018:3779
https://access.redhat.com/errata/RHSA-2018:3852
https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
https://security.gentoo.org/glsa/201908-10
https://security.netapp.com/advisory/ntap-20181018-0001/
Source: MITRE
Published: 2018-07-09
Updated: 2020-09-08
Type: CWE-190
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
OR
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
OR
cpe:2.3:a:oracle:jdk:1.6.0:update_201:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update_201:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update_191:*:*:*:*:*:*
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
136109 | Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290 | Nessus | PhotonOS Local Security Checks | medium |
136100 | Photon OS 3.0: Openjdk11 PHSA-2020-3.0-0084 | Nessus | PhotonOS Local Security Checks | medium |
131496 | EulerOS Virtualization for ARM 64 3.0.3.0 : libpng (EulerOS-SA-2019-2331) | Nessus | Huawei Local Security Checks | medium |
126526 | SUSE SLED15 / SLES15 Security Update : libpng16 (SUSE-SU-2019:1398-2) | Nessus | SuSE Local Security Checks | medium |
125797 | openSUSE Security Update : libpng16 (openSUSE-2019-1530) | Nessus | SuSE Local Security Checks | medium |
125677 | SUSE SLED15 / SLES15 Security Update : libpng16 (SUSE-SU-2019:1398-1) | Nessus | SuSE Local Security Checks | medium |
700659 | Oracle Java SE 6 < Update 211 / 7 < Update 201 / 8 < Update 191 / 11 < Update 1 Multiple Vulnerabilities (October 2018 CPU) | Nessus Network Monitor | Web Clients | medium |
121152 | openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-43) | Nessus | SuSE Local Security Checks | medium |
121151 | openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2019-42) (Spectre) | Nessus | SuSE Local Security Checks | medium |
121092 | SUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:0058-1) | Nessus | SuSE Local Security Checks | medium |
121091 | SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:0057-1) | Nessus | SuSE Local Security Checks | medium |
121059 | SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:0049-1) (Spectre) | Nessus | SuSE Local Security Checks | medium |
120723 | Fedora 28 : libpng15 (2018-b48e0b8761) | Nessus | Fedora Local Security Checks | medium |
120209 | Fedora 28 : libpng10 (2018-04eded822e) | Nessus | Fedora Local Security Checks | medium |
120207 | Fedora 28 : 2:libpng (2018-043bd3349e) | Nessus | Fedora Local Security Checks | medium |
120167 | SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2018:3868-1) | Nessus | SuSE Local Security Checks | medium |
119801 | RHEL 6 : java-1.8.0-ibm (RHSA-2018:3852) | Nessus | Red Hat Local Security Checks | medium |
119578 | SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:4064-1) | Nessus | SuSE Local Security Checks | medium |
119443 | RHEL 6 : java-1.7.1-ibm (RHSA-2018:3779) | Nessus | Red Hat Local Security Checks | medium |
119285 | SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:3933-1) | Nessus | SuSE Local Security Checks | medium |
119282 | SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:3921-1) | Nessus | SuSE Local Security Checks | medium |
119281 | SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:3920-1) | Nessus | SuSE Local Security Checks | medium |
119175 | RHEL 7 : java-1.7.1-ibm (RHSA-2018:3672) | Nessus | Red Hat Local Security Checks | medium |
119174 | RHEL 6 : java-1.7.1-ibm (RHSA-2018:3671) | Nessus | Red Hat Local Security Checks | medium |
118865 | RHEL 7 : java-1.8.0-ibm (RHSA-2018:3534) | Nessus | Red Hat Local Security Checks | medium |
118864 | RHEL 6 : java-1.8.0-ibm (RHSA-2018:3533) | Nessus | Red Hat Local Security Checks | medium |
118377 | RHEL 6 : java-1.6.0-sun (RHSA-2018:3008) | Nessus | Red Hat Local Security Checks | medium |
118376 | RHEL 7 : java-1.6.0-sun (RHSA-2018:3007) | Nessus | Red Hat Local Security Checks | medium |
118372 | RHEL 6 : java-1.8.0-oracle (RHSA-2018:3003) | Nessus | Red Hat Local Security Checks | medium |
118371 | RHEL 7 : java-1.8.0-oracle (RHSA-2018:3002) | Nessus | Red Hat Local Security Checks | medium |
118370 | RHEL 7 : java-1.7.0-oracle (RHSA-2018:3001) | Nessus | Red Hat Local Security Checks | medium |
118369 | RHEL 6 : java-1.7.0-oracle (RHSA-2018:3000) | Nessus | Red Hat Local Security Checks | medium |
118228 | Oracle Java SE Multiple Vulnerabilities (October 2018 CPU) | Nessus | Windows | medium |
118227 | Oracle Java SE Multiple Vulnerabilities (October 2018 CPU) (Unix) | Nessus | Misc. | medium |
111397 | Fedora 27 : libpng10 (2018-3e04e9fe54) | Nessus | Fedora Local Security Checks | medium |
111040 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : libpng vulnerabilities (USN-3712-1) | Nessus | Ubuntu Local Security Checks | medium |