Lucene search

MitreCVE-2024-41443

HistoryJul 30, 2024 - 7:15 p.m.

CVE-2024-41443

2024-07-3019:15:11

CWE-787

mitre

web.nvd.nist.gov

stack overflow

cp_dynamic

hicolor v0.5.0

denial of service

png file crafted

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

Affected configurations

Nvd

Node

dbohdanhicolorMatch0.5.0

VendorProductVersionCPE
dbohdanhicolor0.5.0cpe:2.3:a:dbohdan:hicolor:0.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dbohdan	hicolor	0.5.0	cpe:2.3:a:dbohdan:hicolor:0.5.0:::::::*

References

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/poc

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/poc/sample16.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.assets/image-20240530223831738.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.assets/image-20240530223921086.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.md

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Related for CVE-2024-41443