CVE-2020-18652 — Out-of-bounds Write in Project Exempi

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

2.2%

top 15.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exempi Project Exempi

Timeline

PublishedAug 22

Description

Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianexempi_project/exempi< 2.5.1-1+3

▶NVDexempi_project/exempi2.5.0

Patches

Patch: gitlab.freedesktop.org ↗Patch: gitlab.freedesktop.org ↗

🔴Vulnerability Details

OSV

CVE-2020-18652: Buffer Overflow vulnerability in WEBP_Support↗2023-08-22

▶

GHSA

GHSA-fm7g-gm7p-w792: Buffer Overflow vulnerability in WEBP_Support↗2023-08-22

▶

CVEList

CVE-2020-18652: Buffer Overflow vulnerability in WEBP_Support↗2023-08-22

▶

📋Vendor Advisories

Red Hat

exempi: denial of service via opening of crafted webp file↗2023-08-22

▶

Debian

CVE-2020-18652: exempi - Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier al...↗2020

▶