CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35511 – Debian Security Advisory 5300-1
https://notcve.org/view.php?id=CVE-2020-35511
23 Aug 2022 — A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. Se ha detectado un desbordamiento de búfer global en la función pngcheck en pngcheck versión 2.4.0 (5 parches aplicados) por medio de un archivo png diseñado. Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code. • http://www.libpng.org/pub/png/apps/pngcheck.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-126: Buffer Over-read •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2020-27818 – Ubuntu Security Notice USN-6182-1
https://notcve.org/view.php?id=CVE-2020-27818
08 Dec 2020 — A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. Se encontró un fallo en la función check_chunk_name() de pngcheck-2.4.0. Un atacante capaz de pasar un archivo malicioso para ser procesado por pngcheck podría causar una denegación temporal de servicio, lo que supone un bajo riesgo para la disponibilidad de la aplicación. It was ... • https://github.com/13m0n4de/pngcheck-vulns • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •