Vulnerability Name:

CVE-2020-27818 (CCN-193591)

Assigned: 2020-12-02
Published: 2020-12-02
Updated: 2022-06-15
Summary: A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
CVSS v3 Severity: 3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-125
CWE-120
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2020-27818

Source: CCN
Type: pngcheck Web site
pngcheck

Source: MISC
Type: Third Party Advisory
https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26

Source: MISC
Type: Third Party Advisory
https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72

Source: MISC
Type: Third Party Advisory
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a

Source: MISC
Type: Third Party Advisory
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f

Source: MISC
Type: Third Party Advisory
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad

Source: MISC
Type: Third Party Advisory
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069

Source: CCN
Type: Red Hat Bugzilla – Bug 1902011
(CVE-2020-27818) - CVE-2020-27818 pngcheck: global buffer overflow was discovered in check_chunk_name function via crafted pngfile

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1902011

Source: XF
Type: UNKNOWN
pngcheck-cve202027818-dos(193591)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220529 [SECURITY] [DLA 3032-1] pngcheck security update

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:libpng:pngcheck:2.4.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:libpng:pngcheck:2.4.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
OVAL Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:113148 | P | pngcheck-3.0.0-1.7 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106576 | P | pngcheck-3.0.0-1.7 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:93564 | P | (Important) | 2021-06-02
oval:org.opensuse.security:def:100277 | P | (Important) | 2021-05-11
oval:org.opensuse.security:def:109746 | P | Security update for pngcheck (Moderate) | 2020-12-10
oval:org.opensuse.security:def:96399 | P | Security update for pngcheck (Moderate) | 2020-12-10
oval:org.opensuse.security:def:11025 | P | Security update for pngcheck (Moderate) | 2020-12-10
oval:org.opensuse.security:def:11028 | P | Security update for pngcheck (Moderate) | 2020-12-10
oval:org.opensuse.security:def:103089 | P | Security update for pngcheck (Moderate) | 2020-12-10
oval:org.opensuse.security:def:110364 | P | Security update for pngcheck (Moderate) | 2020-12-07
oval:org.opensuse.security:def:110906 | P | Security update for pngcheck (Moderate) | 2020-12-06
    libpng pngcheck 2.4.0
    fedoraproject fedora 31
    fedoraproject fedora 32
    fedoraproject fedora 33
    fedoraproject fedora 34
    fedoraproject extra packages for enterprise linux 8.0
    fedoraproject extra packages for enterprise linux 7.0
    debian debian linux 9.0
    libpng pngcheck 2.4.0