CVE-2020-27818 PoC — Libpng Pngcheck 缓冲区错误漏洞

Source

https://github.com/13m0n4de/pngcheck-vulns

Associated Vulnerability

Title:Libpng Pngcheck 缓冲区错误漏洞 (CVE-2020-27818)
Description:Libpng Pngcheck是Libpng组织的一个用C编写的基于检查内部32位CRC、aka校验和并解压缩图像数据的验证PNG，JNG和MNG文件完整性的软件。 pngcheck-2.4.0 存在安全漏洞，该漏洞源于check_chunk_name()函数发现了一个缺陷。攻击者可利用该漏洞可以传递一个恶意文件，由pngcheck处理，可以导致暂时拒绝服务，对应用程序可用性构成低风险。

Description

Research and verification of vulnerabilities in pngcheck, including CVE-2020-27818, CVE-2020-35511 and other bugs found in version 2.4.0.

Readme

# pngcheck-vulns

File Snapshot


 [4.0K]  /data/pocs/5e86459d689dd0c3dfc0240f84cc24269aa1e5df
├── [4.0K]  CVE-2020-27818
│   ├── [ 342]  enable_asan.patch
│   ├── [  80]  poc.png
│   ├── [1.8K]  poc.py
│   └── [ 602]  README.md
├── [4.0K]  multiple-bugs-2.4.0
│   ├── [ 39K]  poc-disc.mng
│   ├── [ 39K]  poc-drop.mng
│   ├── [ 39K]  poc-need.mng
│   ├── [ 44K]  poc-past.mng
│   ├── [5.1K]  poc.py
│   ├── [ 39K]  poc-save.mng
│   ├── [  84]  poc-scal.png
│   ├── [ 39K]  poc-seek.mng
│   └── [ 820]  README.md
└── [  17]  README.md

2 directories, 14 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!