CVE-2020-13999 — Integer Overflow or Wraparound in Project Libemf

CWE-190 — Integer Overflow or Wraparound8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 43.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libemf Project Libemf Fedoraproject Fedora

Timeline

PublishedJun 15

Latest updateMay 24

Description

ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianlibemf_project/libemf< 1.0.13-1+3

▶NVDlibemf_project/libemf1.0.12

Also affects: Fedora 31, 32

🔴Vulnerability Details

GHSA

GHSA-gg66-2489-7gr5: ScaleViewPortExtEx in libemf↗2022-05-24

▶

CVEList

CVE-2020-13999: ScaleViewPortExtEx in libemf↗2020-06-15

▶

OSV

CVE-2020-13999: ScaleViewPortExtEx in libemf↗2020-06-15

▶

📋Vendor Advisories

Red Hat

libemf: Integer overflow which could result in denial of service↗2020-06-15

▶

Debian

CVE-2020-13999: libemf - ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.1...↗2020

▶

💬Community

Bugzilla

CVE-2020-13999 libemf: Integer overflow which could result in denial of service↗2020-06-23

▶

Bugzilla

CVE-2020-13999 libEMF: Integer overflow which could result in denial of service [fedora-all]↗2020-06-23

▶