CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-46259: cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h.

7.8 CVSS

Description

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h.

Classification

CVE ID: CVE-2024-46259

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.06% (scored less or equal to compared to others)

EPSS Date: 2025-04-16 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-46259
https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11
https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.md
https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11/poc
https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11/poc/sample6.png
https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.assets/image-20240527232602298.png

Timeline

2025-03-18 17:40:18 UTC
CVE

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h.