Vulnerability Details : CVE-2020-21723
A segmentation fault issue discovered in the StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of a crafted ogg file.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2020-21723
- cpe:2.3:a:ogg_video_tools_project:ogg_video_tools:0.9.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-21723
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 29%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-21723
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2020-21723
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2020-21723
- https://sourceforge.net/p/oggvideotools/bugs/10/
  Ogg Video Tools / Bugs / #10 SEGV in function StreamSerializer::extractStreams() in streamSerializer.cpp (Exploit; Third Party Advisory)
- https://github.com/xiaoxiongwang/security/tree/master/oggvideotools#segv-occurs-in-function-streamserializerextractstreams-in-streamserializercpp
  (Broken Link)