CVE-2020-27818

EPSS 0.16%
Veröffentlicht 08.12.2020 01:15:12
Zuletzt bearbeitet 21.11.2024 05:21:52
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libpng ≫ Pngcheck Version2.4.0

Fedoraproject ≫ Extra Packages For Enterprise Linux Version7.0

Fedoraproject ≫ Extra Packages For Enterprise Linux Version8.0

Fedoraproject ≫ Fedora Version31

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.338

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26

Third Party Advisory

https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72

Third Party Advisory

https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a

Third Party Advisory

https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f

Third Party Advisory

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad

Third Party Advisory