CVE-2020-27818

Name: CVE-2020-27818
Description: A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 976350

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release           Version    Status
pngcheck (PTS)   buster, stretch   2.3.0-7    vulnerable
                 bullseye, sid     2.3.0-13   fixed

The information below is based on the following data on fixed versions.

Package    Type     Release      Fixed Version   Urgency   Origin   Debian Bugs
pngcheck   source   (unstable)   2.3.0-13                           976350

Notes

[buster] - pngcheck <no-dsa> (Minor issue)
[stretch] - pngcheck <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1902011
Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
