In libpng 1.6.34, a wrong calculation of rowfactor in the pngcheckchunklength function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.6.34-1ubuntu0.18.04.1", "binary_name": "libpng-dev" }, { "binary_version": "1.6.34-1ubuntu0.18.04.1", "binary_name": "libpng-tools" }, { "binary_version": "1.6.34-1ubuntu0.18.04.1", "binary_name": "libpng-tools-dbgsym" }, { "binary_version": "1.6.34-1ubuntu0.18.04.1", "binary_name": "libpng16-16" }, { "binary_version": "1.6.34-1ubuntu0.18.04.1", "binary_name": "libpng16-16-dbgsym" }, { "binary_version": "1.6.34-1ubuntu0.18.04.1", "binary_name": "libpng16-16-udeb" } ] }