CVE-2020-24889

Опубликовано: 16 сент. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5.1

CVSS3: 7.8

Описание

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

Релиз	Статус	Примечание
bionic	not-affected
devel	not-affected
esm-apps/bionic	not-affected
esm-apps/focal	not-affected
esm-apps/xenial	not-affected
esm-infra-legacy/trusty	DNE
focal	not-affected
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected
devel	not-affected
esm-apps/bionic	not-affected
esm-apps/focal	not-affected
esm-apps/xenial	not-affected
esm-infra-legacy/trusty	DNE
focal	not-affected
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected
devel	not-affected
esm-apps/bionic	not-affected
esm-apps/focal	not-affected
esm-apps/xenial	not-affected
esm-infra-legacy/trusty	DNE
focal	not-affected
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected
devel	not-affected
esm-apps/bionic	not-affected
esm-apps/focal	not-affected
esm-apps/xenial	not-affected
esm-infra-legacy/trusty	DNE
focal	not-affected
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	0.18.8-1ubuntu0.3
devel	not-affected	0.19.5-1ubuntu1
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	0.18.8-1ubuntu0.3
esm-infra/focal	not-affected	0.19.5-1ubuntu1
esm-infra/xenial	not-affected	0.17.1-1ubuntu0.5
focal	not-affected	0.19.5-1ubuntu1
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected
devel	not-affected
esm-apps/bionic	not-affected
esm-apps/focal	not-affected
esm-apps/xenial	not-affected
esm-infra-legacy/trusty	DNE
focal	not-affected
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected
devel	DNE
esm-apps/bionic	not-affected
esm-apps/xenial	not-affected
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE
upstream	needs-triage
xenial	DNE

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2020-24889

EPSS

Процентиль: 76%

0.00931

Низкий

5.1 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

CVE-2020-24889

CVSS3: 5.3

redhat

больше 5 лет назад

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

CVE-2020-24889

CVSS3: 7.8

nvd

больше 5 лет назад

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

CVE-2020-24889

CVSS3: 7.8

debian

больше 5 лет назад

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNo ...

GHSA-8977-8gpx-7fcv

CVSS3: 7.8

github

больше 3 лет назад

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

EPSS

Процентиль: 76%

0.00931

Низкий

5.1 Medium

CVSS2

7.8 High

CVSS3

CVE-2020-24889

Описание

Пакет darktable

Пакет dcraw

Пакет exactimage

Пакет kodi

Пакет libraw

Пакет rawtherapee

Пакет ufraw

Пакет xbmc

Ссылки на источники

Связанные уязвимости