Vulnerability Details CVE-2020-13999
ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://libemf.sourceforge.net/index.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/555PIBSHDUZD26UCJ5DHCQ4W7RXEZC66/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVZXYNDM4YOONMXYPW2GTMIS6V6JBIL6/
- https://sourceforge.net/p/libemf/code/HEAD/tree/
- https://sourceforge.net/p/libemf/news/2020/06/release-of-libemf-1013/
- https://sourceforge.net/projects/libemf/
- http://libemf.sourceforge.net/index.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/555PIBSHDUZD26UCJ5DHCQ4W7RXEZC66/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVZXYNDM4YOONMXYPW2GTMIS6V6JBIL6/
- https://sourceforge.net/p/libemf/code/HEAD/tree/
- https://sourceforge.net/p/libemf/news/2020/06/release-of-libemf-1013/
- https://sourceforge.net/projects/libemf/
Products affected by CVE-2020-13999
-
cpe:2.3:a:libemf_project:libemf:1.0
-
cpe:2.3:a:libemf_project:libemf:1.0.11
-
cpe:2.3:a:libemf_project:libemf:1.0.12
-
cpe:2.3:a:libemf_project:libemf:1.0.4
-
cpe:2.3:a:libemf_project:libemf:1.0.5
-
cpe:2.3:a:libemf_project:libemf:1.0.6
-
cpe:2.3:a:libemf_project:libemf:1.0.7
-
cpe:2.3:a:libemf_project:libemf:1.0.8
-
cpe:2.3:a:libemf_project:libemf:1.0.9
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32