FKIE_CVE-2020-27818

Vulnerability from fkie_nvd - Published: 2020-12-08 01:15 - Updated: 2024-11-21 05:21
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
References
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26Third Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72Third Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926aThird Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4fThird Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397adThird Party Advisory
secalert@redhat.comhttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1902011Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2022/05/msg00043.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926aThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4fThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397adThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1902011Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/05/msg00043.htmlMailing List, Third Party Advisory
Impacted products
Vendor Product Version
libpng pngcheck 2.4.0
fedoraproject extra_packages_for_enterprise_linux 7.0
fedoraproject extra_packages_for_enterprise_linux 8.0
fedoraproject fedora 31
fedoraproject fedora 32
fedoraproject fedora 33
fedoraproject fedora 34
debian debian_linux 9.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libpng:pngcheck:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7F2663-9C14-44F5-A4EE-65961D2694C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en la funci\u00f3n check_chunk_name() de pngcheck-2.4.0. Un atacante capaz de pasar un archivo malicioso para ser procesado por pngcheck podr\u00eda causar una denegaci\u00f3n temporal de servicio, lo que supone un bajo riesgo para la disponibilidad de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2020-27818",
  "lastModified": "2024-11-21T05:21:52.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-08T01:15:12.320",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.