Lucene search

[email protected]CVE-2020-23109

HistoryNov 03, 2021 - 5:15 p.m.

CVE-2020-23109

2021-11-0317:15:08

CWE-120

[email protected]

web.nvd.nist.gov

cve-2020-23109

buffer overflow

convert_colorspace

libheif

denial of service

sensitive information disclosure

crafted file

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

JSON

Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.

Affected configurations

NVD

Node

strukturlibheifMatch1.6.2

CPENameOperatorVersion
struktur:libheifstruktur libheifeq1.6.2

CPE	Name	Operator	Version
struktur:libheif	struktur libheif	eq	1.6.2

References

github.com/strukturag/libheif/issues/207

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for CVE-2020-23109

debiancve1 prion1 veracode1 nvd1 ubuntucve1 cnvd1 cvelist1 osv2 openvas2 nessus1 mageia1 ubuntu1