This flaw could cause a denial of service or possibly remote code execution on a system where a user runs the affected software.

Exploitation of this issue was reported to be very difficult. pngcheck version 2.4.0 is no longer available. Red Hat has issued an update for its customers that upgrades pngcheck to version 2.6.1, which fixes the issue, and recommends that users upgrade to that version.

CVE-2017-15695: pngcheck buffer overflow # Vulnerability # pngcheck # Red Hat https://t.co/yHXV7SdgPf — Red Hat Developer (@RedHatDev) February 16, 2018

Red Hat has issued updates for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7 Beta, Red Hat Enterprise Linux 7 Extended Beta, Red Hat Enterprise Linux 7 EUS, Red Hat Enterprise Linux 7 EUS Beta, Red Hat Enterprise Linux 7 EUS Extended Beta, Red Hat Enterprise Linux 7 LTS, Red Hat Enterprise Linux 7.1, Red Hat Enterprise Linux 7.2, Red Hat Enterprise Linux 7.3 and Red Hat Enterprise Linux 7.4 to fix this issue. The fixed package is pngcheck version 2.6.1, and Red Hat recommends that users upgrade to it.

Summary of released updates

Red Hat has released updates for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7 Beta, Red Hat Enterprise Linux 7 Extended Beta, Red Hat Enterprise Linux 7 EUS, Red Hat Enterprise Linux 7 EUS Beta, Red Hat Enterprise Linux 7 EUS Extended Beta, and Red Hat Enterprise Linux 7 LTS to fix this issue.

Summary

A buffer overflow vulnerability was discovered in pngcheck, a tool for checking the validity of PNG files. The flaw could lead to a denial of service or possibly remote code execution on a system where a user runs the affected software.
Red Hat released an update for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 7 Beta to fix this issue. Red Hat recommends that users upgrade to pngcheck version 2.6.1, either through their distribution vendor's packages or with an installer package from Red Hat.
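As an added illustration of the bug class, not pngcheck's own source and not the specific flaw behind either CVE (which this page does not describe), the following C program walks the chunks of a PNG file and rejects any chunk whose declared length runs past the end of the input before it copies or interprets anything. A checker that trusts the 4-byte length field and copies chunk data into a fixed-size buffer is the textbook way a malformed image turns into a buffer overflow. The sample PNG byte arrays are constructed for this example, and CRCs are deliberately not validated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative PNG chunk walker (added example; not pngcheck's code).
 * Each chunk is: 4-byte big-endian length, 4-byte type, <length> bytes
 * of data, 4-byte CRC. The walker checks the declared length against the
 * bytes actually present before touching the chunk data. */

static const uint8_t PNG_SIG[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns the number of chunks walked, or -1 if the file is malformed.
 * CRCs are not validated here; the point is the length handling. */
int walk_png_chunks(const uint8_t *buf, size_t len) {
    if (len < sizeof PNG_SIG || memcmp(buf, PNG_SIG, sizeof PNG_SIG) != 0)
        return -1;

    size_t off = sizeof PNG_SIG;
    int chunks = 0;
    while (off < len) {
        /* Need at least length + type + CRC before reading the header. */
        if (len - off < 12)
            return -1;
        uint32_t clen = be32(buf + off);
        /* PNG spec: a chunk length must not exceed 2^31 - 1. */
        if (clen > 0x7FFFFFFFu)
            return -1;
        /* Compare against the remaining bytes by subtracting, never by
         * computing off + 12 + clen, which could wrap around. */
        if (clen > len - off - 12)
            return -1;

        /* Chunk type goes into a fixed buffer of exactly the right size. */
        char type[5];
        memcpy(type, buf + off + 4, 4);
        type[4] = '\0';
        printf("chunk %-4s length %u\n", type, (unsigned)clen);

        off += 12 + (size_t)clen;
        chunks++;
    }
    return chunks;
}

/* Constructed sample: a minimal 1x1 RGB PNG (IHDR + IEND). */
const uint8_t GOOD_PNG[] = {
    0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,
    0x00, 0x00, 0x00, 0x0D, 'I', 'H', 'D', 'R',
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x08, 0x02, 0x00, 0x00, 0x00,
    0x90, 0x77, 0x53, 0xDE,
    0x00, 0x00, 0x00, 0x00, 'I', 'E', 'N', 'D', 0xAE, 0x42, 0x60, 0x82
};
const size_t GOOD_PNG_LEN = sizeof GOOD_PNG;

/* Constructed sample: one chunk header whose declared length (0x7FFFFFFF)
 * is far larger than the zero data bytes that actually follow. */
const uint8_t OVERSIZED_PNG[] = {
    0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,
    0x7F, 0xFF, 0xFF, 0xFF, 'I', 'H', 'D', 'R',
    0x00, 0x00, 0x00, 0x00
};
const size_t OVERSIZED_PNG_LEN = sizeof OVERSIZED_PNG;

/* Constructed sample: IHDR claims 13 data bytes but the file ends after 5. */
const uint8_t TRUNCATED_PNG[] = {
    0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,
    0x00, 0x00, 0x00, 0x0D, 'I', 'H', 'D', 'R',
    0x00, 0x00, 0x00, 0x01, 0x00
};
const size_t TRUNCATED_PNG_LEN = sizeof TRUNCATED_PNG;

int main(void) {
    printf("good: %d chunks\n", walk_png_chunks(GOOD_PNG, GOOD_PNG_LEN));
    printf("oversized: %d\n", walk_png_chunks(OVERSIZED_PNG, OVERSIZED_PNG_LEN));
    printf("truncated: %d\n", walk_png_chunks(TRUNCATED_PNG, TRUNCATED_PNG_LEN));
    return 0;
}
```

The well-formed sample walks two chunks; both malformed samples are rejected before any chunk data is read. The check is written as `clen > len - off - 12` rather than `off + 12 + clen > len` so that an attacker-controlled length cannot wrap the addition and slip past the comparison.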

References

CVE-2020-35511: Multiple vulnerabilities in pngcheck cause denial of service and remote code execution on the system where the user has access to the affected software
CVE-2017-15695: buffer overflow in pngcheck (Red Hat)

Timeline

Published on: 08/23/2022 20:15:00 UTC
Last modified on: 08/26/2022 20:26:00 UTC
