CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
84.5%
Release notes:
Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others:
CVE-2016-6328: fixed integer overflow when parsing maker notes
CVE-2017-7544: fixed buffer overread
CVE-2018-20030: Fix for recursion DoS
CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs
CVE-2020-0093: read overflow
CVE-2020-12767: fixed division by zero
CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
CVE-2020-13113: Potential use of uninitialized memory
CVE-2020-13114: Time consumption DoS when parsing canon array markers
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
84.5%