Lucene search

Ubuntu.comUB:CVE-2020-21723

HistoryAug 22, 2023 - 12:00 a.m.

CVE-2020-21723

2023-08-2200:00:00

ubuntu.com

cve-2020-21723

segmentation fault

streamserializer

deny of service

crafted ogg file

unix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.7%

JSON

A Segmentation Fault issue discovered StreamSerializer::extractStreams
function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote
attackers to cause a denial of service (crash) via opening of crafted ogg
file.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchoggvideotools< anyUNKNOWN
ubuntu20.04noarchoggvideotools< anyUNKNOWN
ubuntu22.04noarchoggvideotools< anyUNKNOWN
ubuntu24.04noarchoggvideotools< anyUNKNOWN
ubuntu16.04noarchoggvideotools< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	oggvideotools	< any	UNKNOWN
ubuntu	20.04	noarch	oggvideotools	< any	UNKNOWN
ubuntu	22.04	noarch	oggvideotools	< any	UNKNOWN
ubuntu	24.04	noarch	oggvideotools	< any	UNKNOWN
ubuntu	16.04	noarch	oggvideotools	< any	UNKNOWN

References

github.com/xiaoxiongwang/security/tree/master/oggvideotools#segv-occurs-in-function-streamserializerextractstreams-in-streamserializercpp

launchpad.net/bugs/cve/CVE-2020-21723

nvd.nist.gov/vuln/detail/CVE-2020-21723

security-tracker.debian.org/tracker/CVE-2020-21723

sourceforge.net/p/oggvideotools/bugs/10/

www.cve.org/CVERecord?id=CVE-2020-21723

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.7%

JSON

Related for UB:CVE-2020-21723