Bug 759013 (CVE-2020-27818) - <media-gfx/pngcheck-3.0.2: Multiple vulnerabilities (CVE-2020-27818)
Status: IN_PROGRESS
Alias: CVE-2020-27818
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-08 07:26 UTC by Sam James
Modified: 2021-02-22 03:17 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester gentoo-dev Security 2020-12-08 07:26:53 UTC
"A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
Comment 1 Sam James archtester gentoo-dev Security 2021-02-01 19:15:26 UTC
From http://www.libpng.org/pub/png/apps/pngcheck.html:

Vulnerability Warning

pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun bugs related to the sPLT and PPLT chunks (the latter is a MNG-only chunk, but it gets noticed even in PNG files if the -s option is used). Both bugs are fixed in version 3.0.1, released on 24 January 2021. Again, while all known vulnerabilities are fixed in this version, the code is quite crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.


Vulnerability Warning

pngcheck versions 2.4.0 and earlier have a number of buffer-overrun bugs, most (but not all) of which are related to the -f option ("force continued parsing after major errors"). As such, the option has been removed altogether in version 3.0.0 (which is the reason for the major-version bump), released on 12 December 2020. All known vulnerabilities are fixed in this version, but the code is pretty crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.
Comment 2 Sam James archtester gentoo-dev Security 2021-02-01 19:16:23 UTC
Vulnerability Warning

pngcheck versions 3.0.1 and earlier have a buffer-overrun bug related to the MNG LOOP chunk (which gets noticed even in PNG files if the -s option is used). This bug is fixed in version 3.0.2, released on 31 January 2021. Again, while all known vulnerabilities are fixed in this version, the code is quite crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.
Comment 3 Larry the Git Cow gentoo-dev 2021-02-01 22:15:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=531a61e9d885c091ea7ab0596f9367e2f40a15af

commit 531a61e9d885c091ea7ab0596f9367e2f40a15af
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-02-01 19:23:52 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-02-01 22:14:04 +0000

    media-gfx/pngcheck: (security) bump to 3.0.2
    
    Bug: https://bugs.gentoo.org/759013
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/pngcheck/Manifest              |  1 +
 media-gfx/pngcheck/pngcheck-3.0.2.ebuild | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
Comment 4 Sam James archtester gentoo-dev Security 2021-02-08 17:27:01 UTC
x86 done
Comment 5 Sam James archtester gentoo-dev Security 2021-02-09 09:47:29 UTC
amd64 done

all arches done
Comment 6 Sam James archtester gentoo-dev Security 2021-02-09 09:49:13 UTC
Please cleanup.
Comment 7 Larry the Git Cow gentoo-dev 2021-02-22 03:16:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3db3577dba537c0ddde48f86fdce2d523acf14c4

commit 3db3577dba537c0ddde48f86fdce2d523acf14c4
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-02-22 03:10:00 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-02-22 03:10:00 +0000

    media-gfx/pngcheck: security cleanup (drop <3.0.2)
    
    Bug: https://bugs.gentoo.org/759013
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-gfx/pngcheck/Manifest              |  1 -
 media-gfx/pngcheck/pngcheck-2.3.0.ebuild | 30 ------------------------------
 2 files changed, 31 deletions(-)