CVE-2020-19490

Exploit

EPSS 0.17%
Veröffentlicht 21.07.2021 18:15:08
Zuletzt bearbeitet 21.11.2024 05:09:12
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tinyexr Project ≫ Tinyexr Version0.9.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.342

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://github.com/syoyo/tinyexr/commit/a685e3332f61cd4e59324bf3f669d36973d64270

Patch

Third Party Advisory

https://github.com/syoyo/tinyexr/issues/124

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-19490

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-19490

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-19490

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-19490