ALT-PU-2020-2638-1
Closed vulnerabilities
Published: 2020-06-30
Modified: 2024-11-21
CVE-2020-15395
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA/
- https://mediaarea.net/en/MediaInfo
- https://sourceforge.net/p/mediainfo/bugs/1127/
Published: 2021-03-18
Modified: 2024-11-21
CVE-2020-26797
MediaInfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYI2372RLWYQVLSYD5PBI4YTXNMVDZCZ/
- https://sourceforge.net/p/mediainfo/bugs/1154/