Description
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Exploits (1)
References (8)
Core 8
Core References
Third Party Advisory x_refsource_misc
https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26
Third Party Advisory x_refsource_misc
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f
Third Party Advisory x_refsource_misc
https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72
Third Party Advisory x_refsource_misc
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a
Third Party Advisory x_refsource_misc
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069
Third Party Advisory x_refsource_misc
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1902011
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html
Scores
CVSS v3
3.3
EPSS
0.0016
EPSS Percentile
36.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Details
CWE
CWE-125
CWE-120
Status
published
Products (8)
debian/debian_linux
9.0
fedoraproject/extra_packages_for_enterprise_linux
7.0
fedoraproject/extra_packages_for_enterprise_linux
8.0
fedoraproject/fedora
31
fedoraproject/fedora
32
fedoraproject/fedora
33
fedoraproject/fedora
34
libpng/pngcheck
2.4.0
Published
Dec 08, 2020
Tracked Since
Feb 18, 2026