Advisories » MGASA-2018-0468

Updated libpng(12) packages fix security vulnerability

Publication date: 27 Nov 2018
Modification date: 27 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-13785

Description

In libpng until version 1.6.35, a wrong calculation of row_factor in the
png_check_chunk_length function (pngrutil.c) may trigger an integer
overflow and resultant divide-by-zero while processing a crafted PNG
file, leading to a denial of service. (CVE-2018-13785)

This update fixes it, also providing the current maintenance releases in
the 1.2 and 1.6 stable branches.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23307
• https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13785.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785

SRPMS

6/core

• libpng-1.6.35-1.mga6
• libpng12-1.2.59-1.mga6