Lucene search

[email protected]NVD:CVE-2024-41437

HistoryJul 30, 2024 - 7:15 p.m.

CVE-2024-41437

2024-07-3019:15:10

CWE-787

[email protected]

web.nvd.nist.gov

cve-2024-41437

heap buffer overflow

cp_unfilter function

hicolor v0.5.0

denial of service

crafted png file

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.6%

JSON

A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

Affected configurations

Nvd

Node

dbohdanhicolorMatch0.5.0

VendorProductVersionCPE
dbohdanhicolor0.5.0cpe:2.3:a:dbohdan:hicolor:0.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dbohdan	hicolor	0.5.0	cpe:2.3:a:dbohdan:hicolor:0.5.0:::::::*

References

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/poc/sample6.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.assets/image-20240530183857985.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.md

github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11

github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/poc

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.6%

JSON

Related for NVD:CVE-2024-41437

vulnrichment1 cve1 cvelist1