All the vulnerabilites related to libpng - pngcheck
Vulnerability from fkie_nvd
Published
2020-12-08 01:15
Modified
2024-11-21 05:21
Severity ?
Summary
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | pngcheck | 2.4.0 | |
fedoraproject | extra_packages_for_enterprise_linux | 7.0 | |
fedoraproject | extra_packages_for_enterprise_linux | 8.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:pngcheck:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE7F2663-9C14-44F5-A4EE-65961D2694C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability." }, { "lang": "es", "value": "Se encontr\u00f3 un fallo en la funci\u00f3n check_chunk_name() de pngcheck-2.4.0. Un atacante capaz de pasar un archivo malicioso para ser procesado por pngcheck podr\u00eda causar una denegaci\u00f3n temporal de servicio, lo que supone un bajo riesgo para la disponibilidad de la aplicaci\u00f3n." } ], "id": "CVE-2020-27818", "lastModified": "2024-11-21T05:21:52.203", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-08T01:15:12.320", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-23 20:15
Modified
2024-11-21 05:27
Severity ?
Summary
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.libpng.org/pub/png/apps/pngcheck.html | Third Party Advisory | |
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://www.debian.org/security/2022/dsa-5300 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/apps/pngcheck.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5300 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | pngcheck | 2.4.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:pngcheck:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE7F2663-9C14-44F5-A4EE-65961D2694C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file." }, { "lang": "es", "value": "Se ha detectado un desbordamiento de b\u00fafer global en la funci\u00f3n pngcheck en pngcheck versi\u00f3n 2.4.0 (5 parches aplicados) por medio de un archivo png dise\u00f1ado." } ], "id": "CVE-2020-35511", "lastModified": "2024-11-21T05:27:27.993", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-23T20:15:08.187", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.libpng.org/pub/png/apps/pngcheck.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.libpng.org/pub/png/apps/pngcheck.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5300" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-126" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
cve-2020-27818
Vulnerability from cvelistv5
Published
2020-12-08 00:04
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
References
▼ | URL | Tags |
---|---|---|
https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26 | x_refsource_MISC | |
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f | x_refsource_MISC | |
https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72 | x_refsource_MISC | |
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a | x_refsource_MISC | |
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069 | x_refsource_MISC | |
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=1902011 | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:25:43.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011" }, { "name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pngcheck", "vendor": "n/a", "versions": [ { "status": "affected", "version": "pngcheck-2.4.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120-\u003eCWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-29T15:06:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011" }, { "name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-27818", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "pngcheck", "version": { "version_data": [ { "version_value": "pngcheck-2.4.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-120-\u003eCWE-125" } ] } ] }, "references": { "reference_data": [ { "name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26", "refsource": "MISC", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26" }, { "name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f", "refsource": "MISC", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f" }, { "name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72", "refsource": "MISC", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72" }, { "name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a", "refsource": "MISC", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a" }, { "name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069", "refsource": "MISC", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069" }, { "name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad", "refsource": "MISC", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011" }, { "name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27818", "datePublished": "2020-12-08T00:04:55", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:25:43.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-35511
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:02:08.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.libpng.org/pub/png/apps/pngcheck.html" }, { "name": "DSA-5300", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5300" }, { "name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3238-1] pngcheck security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pngcheck", "vendor": "n/a", "versions": [ { "status": "affected", "version": "pngcheck-2.4.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "http://www.libpng.org/pub/png/apps/pngcheck.html" }, { "name": "DSA-5300", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5300" }, { "name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3238-1] pngcheck security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-35511", "datePublished": "2022-08-23T00:00:00", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-04T17:02:08.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }