CVE-2020-18651 — Out-of-bounds Write in Project Exempi

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

2.2%

top 15.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exempi Project Exempi

Timeline

PublishedAug 22

Description

Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianexempi_project/exempi< 2.5.1-1+3

▶NVDexempi_project/exempi2.5.0

Patches

Patch: gitlab.freedesktop.org ↗Patch: gitlab.freedesktop.org ↗

🔴Vulnerability Details

CVEList

CVE-2020-18651: Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2↗2023-08-22

▶

OSV

CVE-2020-18651: Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2↗2023-08-22

▶

GHSA

GHSA-7ch9-xw7x-hf3m: Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2↗2023-08-22

▶

📋Vendor Advisories

Red Hat

exempi: denial of service via opening of crafted audio file with ID3V2 frame↗2023-08-22

▶

Debian

CVE-2020-18651: exempi - Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue...↗2020

▶