Lucene search

[email protected]NVD:CVE-2024-41443

HistoryJul 30, 2024 - 7:15 p.m.

CVE-2024-41443

2024-07-3019:15:11

CWE-787

[email protected]

web.nvd.nist.gov

cve-2024-41443

stack overflow

cp_dynamic

cute_png.h

denial of service

crafted png file

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

20.7%

JSON

A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

Affected configurations

Nvd

Node

dbohdanhicolorMatch0.5.0

VendorProductVersionCPE
dbohdanhicolor0.5.0cpe:2.3:a:dbohdan:hicolor:0.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dbohdan	hicolor	0.5.0	cpe:2.3:a:dbohdan:hicolor:0.5.0:::::::*

References

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/poc

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/poc/sample16.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.assets/image-20240530223831738.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.assets/image-20240530223921086.png

github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.md

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

20.7%

JSON

Related for NVD:CVE-2024-41443

cve1 cvelist1 vulnrichment1