Lucene search

[email protected]NVD:CVE-2020-21722

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2020-21722

2023-08-2219:16:17

CWE-416

[email protected]

web.nvd.nist.gov

buffer overflow

oggvideotools

remote code execution

cve-2020-21722

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.0%

JSON

Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.

Affected configurations

Nvd

Node

ogg_video_tools_projectogg_video_toolsMatch0.9.1

VendorProductVersionCPE
ogg_video_tools_projectogg_video_tools0.9.1cpe:2.3:a:ogg_video_tools_project:ogg_video_tools:0.9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ogg_video_tools_project	ogg_video_tools	0.9.1	cpe:2.3:a:ogg_video_tools_project:ogg_video_tools:0.9.1:::::::*

References

github.com/xiaoxiongwang/security/tree/master/oggvideotools#segv-and-heap-use-after-free-detected-in-line-17-of-streamextractorcpp

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5E3JKOO7D6Y2SW2TQB5JDVG7I4Y3UFGW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LO6NXK73PNR4KAAHLXAGPWJAPP772IOD/

sourceforge.net/p/oggvideotools/bugs/11/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.0%

JSON

Related for NVD:CVE-2020-21722

nessus2 cvelist1 ubuntucve1 prion1 debiancve1 cve1 openvas2 fedora2