Headline
Debian Security Advisory 5300-1
Debian Linux Security Advisory 5300-1 - Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5300-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffDecember 12, 2022 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : pngcheckCVE ID : CVE-2020-35511Multiple security issues were discovered in pngcheck, a tool to verifythe integrity of PNG, JNG and MNG files, which could potentially resultin the execution of arbitrary code.For the stable distribution (bullseye), this problem has been fixed inversion 3.0.3-1~deb11u1.We recommend that you upgrade your pngcheck packages.For the detailed security status of pngcheck please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pngcheckFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOXol0ACgkQEMKTtsN8TjaLrA//UKv7QUjBuJzwxy0kVrxAvH+xDT4N61NBlVDAerMncxxjb3BBWDYWEzHLJ/Utw3XYQYQjnffXPRJiCruH8bFdDmD18vqMCoUGDo6CTFT/pyQqFxncZu13IQvV1LjgnVraaJa/TQ1BrH8+p8O8X+jqC0f9CThV20qatvxXbgmQkevXHIJTwEw3wxXUaW9Mn3zInZBmkqQKsRaTnd+ydOdwD6MUDVPj/3FuSTLiOv7kV3cyzBB3lZV/7NoxLw9KBoTHttc4rPd/u6XYdG5Xc+VOGnYhqLyF8cxQbzi1/HaTZn/ItuGmCrHe6eFm5VgMI0RutukvFSWuMPIf1MKgvBco3UppSCKUOpJvBNWOmt8uV4eRJgQvx399FyWkwpocub1cUSaLdigcd8oTDj6xqi8TpCOXW6fQiVu7pIxeQEcJWHAiiL/T82kbUBJ3zXOMWMsOwYjdxujC095480gjENVqVoAq41cN0J/xroBXFVAxVZXLxaGrrRjAzdLhc2AHWhFXWESCzBFHV2OM5gxtQUpYLPdICYvNTRXxNXhT3VZOZBTJy0cYQrtAwRQyE//3agQDzRVpJxte6BbLxOl92C+WZicpbiUyzv3a96QM12R3RQy2A6WiXeQ4L6xHTnvIe7RN2cS9Gl/z0NnY6d9yz3Ay6kAB7o62e3GqDNchtXp0Ers=ppOy-----END PGP SIGNATURE-----
Related news
Ubuntu Security Notice USN-6182-1
Ubuntu Security Notice 6182-1 - It was discovered that pngcheck incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
CVE-2020-35511: pngcheck Home Page
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.