GHSA-22g4-7m96-g7pp

Опубликовано: 30 июл. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 5.5

Описание

A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-41437
https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/poc/sample6.png
https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.assets/image-20240530183857985.png
https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.md
https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11
https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/poc

EPSS

Процентиль: 24%

0.00078

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2024-41437

Дефекты

CWE-122

CWE-787

Связанные уязвимости

CVE-2024-41437

CVSS3: 5.5

nvd

11 месяцев назад

A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

EPSS

Процентиль: 24%

0.00078

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2024-41437

Дефекты

CWE-122

CWE-787