All the vulnerabilites related to libpng - pngcheck
Vulnerability from fkie_nvd
Published
2020-12-08 01:15
Modified
2024-11-21 05:21
Summary
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
References
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26Third Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72Third Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926aThird Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4fThird Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397adThird Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1902011Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2022/05/msg00043.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926aThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4fThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397adThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1902011Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/05/msg00043.htmlMailing List, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libpng:pngcheck:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7F2663-9C14-44F5-A4EE-65961D2694C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en la funci\u00f3n check_chunk_name() de pngcheck-2.4.0. Un atacante capaz de pasar un archivo malicioso para ser procesado por pngcheck podr\u00eda causar una denegaci\u00f3n temporal de servicio, lo que supone un bajo riesgo para la disponibilidad de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2020-27818",
  "lastModified": "2024-11-21T05:21:52.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-08T01:15:12.320",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-23 20:15
Modified
2024-11-21 05:27
Summary
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
Impacted products
Vendor Product Version
libpng pngcheck 2.4.0
debian debian_linux 10.0
debian debian_linux 11.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libpng:pngcheck:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7F2663-9C14-44F5-A4EE-65961D2694C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un desbordamiento de b\u00fafer global en la funci\u00f3n pngcheck en pngcheck versi\u00f3n 2.4.0 (5 parches aplicados) por medio de un archivo png dise\u00f1ado."
    }
  ],
  "id": "CVE-2020-35511",
  "lastModified": "2024-11-21T05:27:27.993",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-23T20:15:08.187",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5300"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-126"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

cve-2020-27818
Vulnerability from cvelistv5
Published
2020-12-08 00:04
Modified
2024-08-04 16:25
Severity ?
Summary
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
          },
          {
            "name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pngcheck",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "pngcheck-2.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120-\u003eCWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-29T15:06:11",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
        },
        {
          "name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-27818",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "pngcheck",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "pngcheck-2.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120-\u003eCWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26",
              "refsource": "MISC",
              "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
            },
            {
              "name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f",
              "refsource": "MISC",
              "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
            },
            {
              "name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72",
              "refsource": "MISC",
              "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
            },
            {
              "name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a",
              "refsource": "MISC",
              "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
            },
            {
              "name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069",
              "refsource": "MISC",
              "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
            },
            {
              "name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad",
              "refsource": "MISC",
              "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
            },
            {
              "name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27818",
    "datePublished": "2020-12-08T00:04:55",
    "dateReserved": "2020-10-27T00:00:00",
    "dateUpdated": "2024-08-04T16:25:43.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35511
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-04 17:02
Severity ?
Summary
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
          },
          {
            "name": "DSA-5300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5300"
          },
          {
            "name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3238-1] pngcheck security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pngcheck",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "pngcheck-2.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
        },
        {
          "name": "DSA-5300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5300"
        },
        {
          "name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3238-1] pngcheck security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35511",
    "datePublished": "2022-08-23T00:00:00",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}