Home

CVE-2018-13785

Description

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.919

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Java SE Development Kit 11.0.0Windows
Multiple vulnerabilities are affected in Java SE Development Kit 6.0.2010Windows
Multiple vulnerabilities are affected in Java SE Development Kit 1.7.0.1910Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 181Windows
Multiple vulnerabilities are affected in Java SE Development Kit Java SE Development Kit 8 Update 181Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 11Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 6.0.2010Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 1.7.0.1910Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.1810Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK (18.32.13)Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 18 (x64) (18.32.13)Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 7.25Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 (x64) 7.25Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.33Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.33Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.2Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 181 (64-bit)Windows
Multiple vulnerabilities are affected in Java SE Development Kit Java SE Development Kit 8 Update 181 (64-bit)Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 8.0.1810Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 (x64) 8.0.1810Windows
SUSE-SU-2018:3921-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-1.7.1_sr4.35-26.32.1.i586.rpmLinux
SUSE-SU-2018:3921-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-1.7.1_sr4.35-26.32.1.x86_64.rpmLinux
SUSE-SU-2018:3921-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-alsa-1.7.1_sr4.35-26.32.1.i586.rpmLinux
SUSE-SU-2018:3921-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-alsa-1.7.1_sr4.35-26.32.1.x86_64.rpmLinux
SUSE-SU-2018:3921-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-jdbc-1.7.1_sr4.35-26.32.1.i586.rpmLinux
SUSE-SU-2018:3921-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-jdbc-1.7.1_sr4.35-26.32.1.x86_64.rpmLinux
SUSE-SU-2018:3921-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-plugin-1.7.1_sr4.35-26.32.1.i586.rpmLinux
SUSE-SU-2018:3921-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-plugin-1.7.1_sr4.35-26.32.1.x86_64.rpmLinux
SUSE-SU-2018:3933-1(SUSE Linux Enterprise Server 12-SP3 ) java-1_7_1-ibm-1.7.1_sr4.35-38.29.1.x86_64.rpmLinux
SUSE-SU-2018:3933-1(SUSE Linux Enterprise Server 12-SP3 ) java-1_7_1-ibm-alsa-1.7.1_sr4.35-38.29.1.x86_64.rpmLinux
SUSE-SU-2018:3933-1(SUSE Linux Enterprise Server 12-SP3 ) java-1_7_1-ibm-jdbc-1.7.1_sr4.35-38.29.1.x86_64.rpmLinux
SUSE-SU-2018:3933-1(SUSE Linux Enterprise Server 12-SP3 ) java-1_7_1-ibm-plugin-1.7.1_sr4.35-38.29.1.x86_64.rpmLinux
SUSE-SU-2018:4064-1(SUSE Linux Enterprise Server 12-SP3 ) java-1_8_0-ibm-1.8.0_sr5.25-30.39.1.x86_64.rpmLinux
SUSE-SU-2018:4064-1(SUSE Linux Enterprise Server 12-SP3 ) java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1.x86_64.rpmLinux
SUSE-SU-2018:4064-1(SUSE Linux Enterprise Server 12-SP3 ) java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1.x86_64.rpmLinux
SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_7_0-openjdk-1.7.0.201-43.18.1.x86_64.rpmLinux
SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1.x86_64.rpmLinux
SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1.x86_64.rpmLinux
SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_7_0-openjdk-headless-1.7.0.201-43.18.1.x86_64.rpmLinux
SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1.x86_64.rpmLinux
SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-1.8.0.191-27.29.1.x86_64.rpmLinux
SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1.x86_64.rpmLinux
SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1.x86_64.rpmLinux
SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-headless-1.8.0.191-27.29.1.x86_64.rpmLinux
SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-309099Java SE Development Kit 11.0.2 (64-bit)
PATCH-330243Java SE Development Kit 8 Update 371 (32-bit) (8.0.3710.11) (JDK)
PATCH-308259Java SE Development Kit 8 Update 191 (64-bit)
PATCH-308258Java SE Development Kit 8 Update 191 (32-bit)
PATCH-330242Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-330242Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-329676Azul Zulu JDK (18.32.13)
PATCH-329677Azul Zulu JDK 18 (x64) (18.32.13)
PATCH-344728Azul Zulu JDK 8 (MSI) (8.84.0.15)
PATCH-344692Azul Zulu JDK 8 (MSI) (x64) (8.84.0.15)
PATCH-344691Azul Zulu JDK 11 (MSI) (x64) (11.78.15)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234