A global buffer overflow was discovered in check_chunk_name function in pngcheck-2.4.0 via a crafted png file.
Created pngcheck tracking bugs for this issue:
Affects: fedora-all [bug 1902012]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
When pngcheck is provided a crafted input file, it could cause a global-buffer-overflow -> out-of-bounds read, due to improper use of casts in the check_chunk_name() function of pngcheck-2.4.0/pngcheck.c. Red Hat Product Security has designated this as a Low severity issue because an attacker would likely need to social engineer a user or already have access to a victim system, and exploiting this flaw would likely only lead to temporary denial of service (application crash).
To mitigate this flaw, do not provide input files from untrusted sources to pngcheck.