4.3
CVE-2020-27818
- EPSS 1.2%
- Veröffentlicht 08.12.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:52
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Extra Packages For Enterprise Linux Version7.0
Fedoraproject ≫ Extra Packages For Enterprise Linux Version8.0
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
Fedoraproject ≫ Fedora Version34
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.2% | 0.641 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26
https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069
https://bugzilla.redhat.com/show_bug.cgi?id=1902011
https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html