Lucene search

K

GoogleOSV:CVE-2020-25693

HistoryDec 03, 2020 - 5:15 p.m.

CVE-2020-25693

2020-12-0317:15:12

Google

osv.dev

3

cimg

integer overflows

heap buffer overflows

load_pnm

application availability

data integrity

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

69.4%

A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.

References

bugzilla.redhat.com/show_bug.cgi?id=1893377

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERBZALTF7LXN2LZLPGAUSVMV53GHHTUC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MJ5Q7NNUPXATTBUKHFKIYYAV5GJDYCZL/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZ3NPLYXZWEL7HETIFZVCXEZZ2WYYRWA/

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

69.4%

Related for OSV:CVE-2020-25693

fedora6 ubuntucve1 openvas8 cve1 nvd1 osv1 debian1 prion1 archlinux1 redhatcve1 nessus1 debiancve1 cvelist1 mageia1 gitlab1