Vulnerability Details : CVE-2019-10672
treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions.
Vulnerability category: Input validation
Products affected by CVE-2019-10672
- cpe:2.3:a:symonics:libmysofa:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-10672
0.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-10672
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-10672
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-10672
-
https://github.com/hoene/libmysofa/commit/d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1
Fixed security issue 1 · hoene/libmysofa@d39a171 · GitHubPatch;Third Party Advisory
-
https://github.com/hoene/libmysofa/releases/tag/v0.7
Release Make it better · hoene/libmysofa · GitHubRelease Notes;Third Party Advisory
-
https://github.com/hoene/libmysofa/compare/49aa1c7...2ed84bb
Comparing 49aa1c7...2ed84bb · hoene/libmysofa · GitHubRelease Notes;Third Party Advisory
-
https://usn.ubuntu.com/4033-1/
USN-4033-1: libmysofa vulnerability | Ubuntu security notices
Jump to