Vulnerability Details CVE-2020-36152
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://github.com/hoene/libmysofa/issues/136
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/
- https://github.com/hoene/libmysofa/issues/136
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/
Products affected by CVE-2020-36152
-
cpe:2.3:a:symonics:libmysofa:0.5
-
cpe:2.3:a:symonics:libmysofa:0.6
-
cpe:2.3:a:symonics:libmysofa:0.7
-
cpe:2.3:a:symonics:libmysofa:0.8
-
cpe:2.3:a:symonics:libmysofa:0.9
-
cpe:2.3:a:symonics:libmysofa:0.9.1
-
cpe:2.3:a:symonics:libmysofa:1.0
-
cpe:2.3:a:symonics:libmysofa:1.1
-
cpe:2.3:o:fedoraproject:fedora:32