Vulnerability Details : CVE-2017-2920
An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2017-2920
- cpe:2.3:a:pl32:photoline:20.02:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2920
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-2920
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
Talos | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-2920
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2920
-
https://security.gentoo.org/glsa/201908-26
libofx: Multiple vulnerabilities (GLSA 201908-26) — Gentoo securityThird Party Advisory
-
https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
Fix a buffer overflow. · libofx/libofx@a70934e · GitHubPatch;Third Party Advisory
-
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0427
TALOS-2017-0427 || Cisco Talos Intelligence Group - Comprehensive Threat IntelligenceExploit;Technical Description;Third Party Advisory
-
http://www.securityfocus.com/bid/101186
Computerinsel Photoline CVE-2017-2920 Out-Of-Bounds Write Remote Code Execution VulnerabilityBroken Link
Jump to