CVE-2020-27818

Name: CVE-2020-27818
Description: A flaw was found in the check_chunk_name() function of pngcheck 2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-3032-1
Debian Bugs: 976350

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   | Release                       | Version          | Status
pngcheck (PTS)   | buster                        | 2.3.0-7+deb10u1  | fixed
                 | buster (security)             | 3.0.3-1~deb10u2  | fixed
                 | bullseye, bullseye (security) | 3.0.3-1~deb11u1  | fixed
                 | bookworm                      | 3.0.3-1          | fixed
                 | sid, trixie                   | 3.0.3-3          | fixed

The information below is based on the following data on fixed versions.

Package  | Type   | Release    | Fixed Version    | Urgency | Origin     | Debian Bugs
pngcheck | source | stretch    | 2.3.0-7+deb9u1   |         | DLA-3032-1 |
pngcheck | source | buster     | 2.3.0-7+deb10u1  |         |            |
pngcheck | source | (unstable) | 2.3.0-13         |         |            | 976350

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=1902011
Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
