CVE-2020-1917
EUVD-2020-1273810.03.2021, 16:15
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| hhvm | 𝑥 < 4.56.3 | |
| hhvm | 4.57.0 ≤ 𝑥 < 4.80.2 | |
| hhvm | 4.81.0 ≤ 𝑥 < 4.93.2 | |
| hhvm | 4.94.0 | |
| hhvm | 4.95.0 | |
| hhvm | 4.96.0 | |
| hhvm | 4.97.0 | |
| hhvm | 4.98.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.