6.2

CVE-2024-41440

Exploit
A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DbohdanHicolor Version0.5.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.228
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 2.5 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32
Product
https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc
Product
https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc/sample18.png
Product
https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.assets/image-20240530225208577.png
Product
https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.md
Third Party Advisory
Exploit