A global buffer overflow was discovered in check_chunk_name function in pngcheck-2.4.0 via a crafted png file. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1897485
Created pngcheck tracking bugs for this issue: Affects: fedora-all [bug 1902012]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Flaw summary: When pngcheck is provided a crafted input file, it could cause a global-buffer-overflow -> out-of-bounds read, due to improper use of casts in the check_chunk_name() function of pngcheck-2.4.0/pngcheck.c. Red Hat Product Security has designated this as a Low severity issue because an attacker would likely need to social engineer a user or already have access to a victim system, and exploiting this flaw would likely only lead to temporary denial of service (application crash).
Mitigation: To mitigate this flaw, do not provide input files from untrusted sources to pngcheck.
External References: F34/Rawhide: https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26 F33: https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f F32: https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72 F31: https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a EPEL8: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069 EPEL7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad