Lucene search

[email protected]NVD:CVE-2024-41439

HistoryJul 30, 2024 - 7:15 p.m.

CVE-2024-41439

2024-07-3019:15:11

CWE-787

[email protected]

web.nvd.nist.gov

cve-2024-41439

hicolor v0.5.0

cp_block()

denial of service

png file

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

20.7%

JSON

A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

Affected configurations

Nvd

Node

dbohdanhicolorMatch0.5.0

VendorProductVersionCPE
dbohdanhicolor0.5.0cpe:2.3:a:dbohdan:hicolor:0.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dbohdan	hicolor	0.5.0	cpe:2.3:a:dbohdan:hicolor:0.5.0:::::::*

References

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/poc

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/poc/sample13.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.assets/image-20240530192505615.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.assets/image-20240531002753478.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.md

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

20.7%

JSON

Related for NVD:CVE-2024-41439

cvelist1 cve1 vulnrichment1