CVE-2020-1574 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 10 Version 1909
Severity
7.3HIGHNVD
EPSS
0.9%
top 23.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 17
Latest updateMay 24
Description
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.
Exploitation of the vulnerability requires that a program process a specially crafted image file.
The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9
Affected Packages9 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-454g-5jw2-mrmh: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs↗2022-05-24
GHSA▶
GHSA-pj97-g38f-3qg4: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs↗2022-05-24
GHSA▶
GHSA-48x7-3977-wh2q: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs↗2022-05-24