CVE-2020-27818

Description

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

References

Link	Tags
https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26	third party advisory
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f	third party advisory
https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72	third party advisory
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a	third party advisory
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069	third party advisory
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad	third party advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1902011	third party advisory issue tracking
https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html	third party advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2020-27818?: CVE-2020-27818 has been scored as a low severity vulnerability.
How to fix CVE-2020-27818?: To fix CVE-2020-27818, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-27818 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-27818 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-27818?: CVE-2020-27818 affects n/a pngcheck.

Description

Categories

CWE-120 – Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-125 – Out-of-bounds Read

References

Frequently Asked Questions