CVE-2020-27818

EUVD-2020-20319
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
libpngpngcheck
2.4.0
fedoraprojectextra_packages_for_enterprise_linux
7.0
fedoraprojectextra_packages_for_enterprise_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pngcheck
bookworm
3.0.3-1
fixed
bullseye
3.0.3-1~deb11u1
fixed
bullseye (security)
3.0.3-1~deb11u1
fixed
sid
3.0.3-3
fixed
trixie
3.0.3-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pngcheck
bionic
Fixed 2.3.0-7ubuntu0.18.04.1~esm1
released
focal
Fixed 2.3.0-7ubuntu0.20.04.1
released
groovy
ignored
hirsute
ignored
impish
ignored
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
ignored
noble
needs-triage
trusty
dne
xenial
Fixed 2.3.0-7ubuntu0.16.04.1~esm1
released
Common Weakness Enumeration
References
https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26
https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069
https://bugzilla.redhat.com/show_bug.cgi?id=1902011
https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html
https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26
https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069
https://bugzilla.redhat.com/show_bug.cgi?id=1902011
https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html