Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-27818

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

Published

2020-12-08T01:15:12.320

Last Modified

2024-11-21T05:21:52.203

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-120
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libpng	pngcheck	2.4.0	Yes
Application	fedoraproject	extra_packages_for_enterprise_linux	7.0	Yes
Application	fedoraproject	extra_packages_for_enterprise_linux	8.0	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	fedoraproject	fedora	34	Yes
Operating System	debian	debian_linux	9.0	Yes

References

https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26 Third Party Advisory ([email protected])
https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72 Third Party Advisory ([email protected])
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a Third Party Advisory ([email protected])
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f Third Party Advisory ([email protected])
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad Third Party Advisory ([email protected])
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1902011 Issue Tracking, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html Mailing List, Third Party Advisory ([email protected])
https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1902011 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)