
CVE-2018-13785

Published: 09/07/2018 Updated: 15/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

Affected Products

Vendor | Product | Versions
Libpng | Libpng | 1.6.34
Oracle | Jdk | 1.6.0, 1.7.0, 1.8.0, 11.0.0
Oracle | Jre | 1.6.0, 1.7.0, 1.8.0, 11.0.0
Canonical | Ubuntu Linux | 14.04, 16.04, 17.10, 18.04
Redhat | Enterprise Linux Desktop | 6.0, 7.0
Redhat | Enterprise Linux Server | 6.0, 7.0
Redhat | Enterprise Linux Workstation | 6.0, 7.0

Vendor Advisories

Debian Bug report logs - #903430 libpng16: CVE-2018-13785. Package: src:libpng16; Maintainer for src:libpng16 is Maintainers of libpng16 packages <libpng16@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 9 Jul 2018 20:39:01 UTC; Severity: important; Tags: patch, security, ups ...
Several security issues were fixed in libpng ...
Synopsis: Critical: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Critical: java-1.7.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability ...
Synopsis: Critical: java-1.7.1-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Critical: java-1.7.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability ...
Synopsis: Critical: java-1.7.1-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Moderate: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Moderate: java-1.7.1-ibm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.6 and Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
Synopsis: Important: java-1.6.0-sun security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Critical: java-1.8.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability ...
Synopsis: Critical: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Important: java-1.6.0-sun security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Critical: java-1.8.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability ...
IBM Security Guardium has addressed the following vulnerability ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Agile Service Manager. Agile Service Manager has addressed the applicable CVEs ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the OS Images for IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK quarterly updates in October 2018, and the following vulnerabilities have been addressed ...
There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in Oct 2018 ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK quarterly updates in July and October 2018, and the following vulnerabilities have been addressed ...
The BigFix Compliance product may be subject to third-party vulnerabilities in the areas of confidentiality, integrity, availability, and others. These vulnerabilities have been addressed in release 1101. Further details on the specific modules, scores, and vulnerabilities are provided below ...
There are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU used by IBM Streams. IBM Streams has addressed the applicable CVEs ...
There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components ...
There are multiple vulnerabilities in Oracle Java SE which is used by IBM Spectrum Protect™ Plus. These issues were disclosed as part of the Oracle Critical Patch Update (CPU) in October 2018 ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 80 SR5 that is used by IBM Security AppScan Enterprise. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM® Cloud App Management V201841. IBM® Cloud App Management has addressed the applicable CVEs in a later version ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 80520 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 701040 used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
IBM Db2 Query Management Facility for z/OS and Enterprise Edition has addressed the following vulnerability ...
Oracle Critical Patch Update Advisory - October 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 included in this release of IGI. These issues were disclosed as part of the IB ...
IBM Security Privileged Identity Manager has addressed the following vulnerabilities ...

Github Repositories

AFLSmart: Smart Greybox Fuzzing. AFLSmart is a smart (input-structure aware) greybox fuzzer which leverages a high-level structural representation of the seed files to generate new files. It uses higher-order mutation operators that work on the virtual file structure rather than on the bit level, which allows AFLSmart to explore completely new input domains while maintaining file
