CVE-2024-41438

MEDIUM

Dbohdan Hicolor - Heap Buffer Overflow

Title source: rule

Description

A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

References (7)

Core 7

Core References

Product

https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2

Product

https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.assets/image-20240530184723547.png

Product

https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.assets/image-20240530184848743.png

Product

https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.assets/image-20240530185015780.png

Exploit, Third Party Advisory

https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.md

Product

https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/poc

Product

https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/poc/sample10.png

Scores

CVSS v3 6.2

EPSS 0.0008

EPSS Percentile 22.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-122

Status published

Products (1)

dbohdan/hicolor 0.5.0

Published Jul 30, 2024

Tracked Since Feb 18, 2026