Vulnerability Details CVE-2019-20016
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f
- https://github.com/hoene/libmysofa/issues/83
- https://github.com/hoene/libmysofa/issues/84
- https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f
- https://github.com/hoene/libmysofa/issues/83
- https://github.com/hoene/libmysofa/issues/84
Products affected by CVE-2019-20016
-
cpe:2.3:a:symonics:libmysofa:0.1
-
cpe:2.3:a:symonics:libmysofa:0.2
-
cpe:2.3:a:symonics:libmysofa:0.3
-
cpe:2.3:a:symonics:libmysofa:0.4
-
cpe:2.3:a:symonics:libmysofa:0.5
-
cpe:2.3:a:symonics:libmysofa:0.6
-
cpe:2.3:a:symonics:libmysofa:0.7
-
cpe:2.3:a:symonics:libmysofa:0.8