The issue was resolved by upgrading to version 1.6.19, which was included in the latest release of 1.6.19.0.
An attacker can exploit this vulnerability by enticing an unsuspecting user to open a specially crafted PNG image with a web browser. A successful exploit could lead to remote code execution with the privileges of the user, or information disclosure with the privileges of the user.
CVE-2018-1705 was discovered in pngwks.c in libpng 1.6.11, which could be exploited by malicious, remote attackers to conduct a cross-site scripting (XSS) attack via pngwks.c at /lib/png.
CVE-2018-1706 was discovered in pngwks.c in libpng 1.6.11, which could be exploited by malicious, remote attackers to conduct a remote code execution (RCE) via pngwks.c at /lib/png.
CVE-2018-1707 was discovered in pngwks.c in libpng 1.6.11, which could be exploited by malicious, remote attackers to conduct a remote code execution (RCE) via pngwks.c at /lib/png.
CVE-2018-1708 was discovered in pngwks.c in libpng 1.6.11, which could be exploited by malicious, remote attackers to conduct a remote code execution (R
Installing libpng on Ubuntu 18.04
The most difficult step in this process is installing the necessary libpng version. To install, you should use the following commands:
sudo apt-get update && sudo apt-get install libpng-dev
Note: The file "usr/share/doc/libpng18" includes additional important installation instructions for Ubuntu 18.04 that are not discussed here. You can find them by running "sudo less /usr/share/doc/libpng18".
Timeline
Published on: 10/13/2022 12:15:00 UTC
Last modified on: 10/14/2022 13:14:00 UTC