Lucene search

MitreCVE-2020-21722

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2020-21722

2023-08-2219:16:17

CWE-416

mitre

web.nvd.nist.gov

cve-2020-21722

buffer overflow

oggvideotools

remote code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.

Affected configurations

Nvd

Node

ogg_video_tools_projectogg_video_toolsMatch0.9.1

VendorProductVersionCPE
ogg_video_tools_projectogg_video_tools0.9.1cpe:2.3:a:ogg_video_tools_project:ogg_video_tools:0.9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ogg_video_tools_project	ogg_video_tools	0.9.1	cpe:2.3:a:ogg_video_tools_project:ogg_video_tools:0.9.1:::::::*

References

github.com/xiaoxiongwang/security/tree/master/oggvideotools#segv-and-heap-use-after-free-detected-in-line-17-of-streamextractorcpp

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5E3JKOO7D6Y2SW2TQB5JDVG7I4Y3UFGW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LO6NXK73PNR4KAAHLXAGPWJAPP772IOD/

sourceforge.net/p/oggvideotools/bugs/11/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

Related for CVE-2020-21722