Search criteria
6 vulnerabilities found for pngcheck by libpng
FKIE_CVE-2020-35511
Vulnerability from fkie_nvd - Published: 2022-08-23 20:15 - Updated: 2024-11-21 05:27
Severity ?
Summary
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://www.libpng.org/pub/png/apps/pngcheck.html | Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2022/dsa-5300 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/apps/pngcheck.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5300 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libpng | pngcheck | 2.4.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:pngcheck:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7F2663-9C14-44F5-A4EE-65961D2694C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file."
},
{
"lang": "es",
"value": "Se ha detectado un desbordamiento de b\u00fafer global en la funci\u00f3n pngcheck en pngcheck versi\u00f3n 2.4.0 (5 parches aplicados) por medio de un archivo png dise\u00f1ado."
}
],
"id": "CVE-2020-35511",
"lastModified": "2024-11-21T05:27:27.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T20:15:08.187",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5300"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-27818
Vulnerability from fkie_nvd - Published: 2020-12-08 01:15 - Updated: 2024-11-21 05:21
Severity ?
Summary
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libpng | pngcheck | 2.4.0 | |
| fedoraproject | extra_packages_for_enterprise_linux | 7.0 | |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:pngcheck:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7F2663-9C14-44F5-A4EE-65961D2694C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en la funci\u00f3n check_chunk_name() de pngcheck-2.4.0. Un atacante capaz de pasar un archivo malicioso para ser procesado por pngcheck podr\u00eda causar una denegaci\u00f3n temporal de servicio, lo que supone un bajo riesgo para la disponibilidad de la aplicaci\u00f3n."
}
],
"id": "CVE-2020-27818",
"lastModified": "2024-11-21T05:21:52.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-08T01:15:12.320",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-35511 (GCVE-0-2020-35511)
Vulnerability from cvelistv5 – Published: 2022-08-23 00:00 – Updated: 2024-08-04 17:02
VLAI?
Summary
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
},
{
"name": "DSA-5300",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5300"
},
{
"name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3238-1] pngcheck security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pngcheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "pngcheck-2.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
},
{
"name": "DSA-5300",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5300"
},
{
"name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3238-1] pngcheck security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35511",
"datePublished": "2022-08-23T00:00:00",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27818 (GCVE-0-2020-27818)
Vulnerability from cvelistv5 – Published: 2020-12-08 00:04 – Updated: 2024-08-04 16:25
VLAI?
Summary
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Severity ?
No CVSS data available.
CWE
- CWE-120 - >CWE-125
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
},
{
"name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pngcheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "pngcheck-2.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120-\u003eCWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-29T15:06:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
},
{
"name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pngcheck",
"version": {
"version_data": [
{
"version_value": "pngcheck-2.4.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120-\u003eCWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
},
{
"name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27818",
"datePublished": "2020-12-08T00:04:55",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35511 (GCVE-0-2020-35511)
Vulnerability from nvd – Published: 2022-08-23 00:00 – Updated: 2024-08-04 17:02
VLAI?
Summary
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
},
{
"name": "DSA-5300",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5300"
},
{
"name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3238-1] pngcheck security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pngcheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "pngcheck-2.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
},
{
"name": "DSA-5300",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5300"
},
{
"name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3238-1] pngcheck security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35511",
"datePublished": "2022-08-23T00:00:00",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27818 (GCVE-0-2020-27818)
Vulnerability from nvd – Published: 2020-12-08 00:04 – Updated: 2024-08-04 16:25
VLAI?
Summary
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Severity ?
No CVSS data available.
CWE
- CWE-120 - >CWE-125
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
},
{
"name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pngcheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "pngcheck-2.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120-\u003eCWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-29T15:06:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
},
{
"name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pngcheck",
"version": {
"version_data": [
{
"version_value": "pngcheck-2.4.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120-\u003eCWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
},
{
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad",
"refsource": "MISC",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
},
{
"name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27818",
"datePublished": "2020-12-08T00:04:55",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}