Advisories ยป MGASA-2018-0468

Updated libpng(12) packages fix security vulnerability

Publication date: 27 Nov 2018
Modification date: 27 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-13785

Description

In libpng until version 1.6.35, a wrong calculation of row_factor in the
png_check_chunk_length function (pngrutil.c) may trigger an integer
overflow and resultant divide-by-zero while processing a crafted PNG
file, leading to a denial of service. (CVE-2018-13785)

This update fixes it, also providing the current maintenance releases in
the 1.2 and 1.6 stable branches.
                

References

SRPMS

6/core