{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-17T23:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/libemf/mailman/libemf-devel/"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/libemf/code/commit_browser"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/"}, {"name": "FEDORA-2020-c696d8604b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL/"}, {"name": "openSUSE-SU-2020:0831", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-11865", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sourceforge.net/p/libemf/mailman/libemf-devel/", "refsource": "MISC", "url": "https://sourceforge.net/p/libemf/mailman/libemf-devel/"}, {"name": "https://sourceforge.net/p/libemf/code/commit_browser", "refsource": "MISC", "url": "https://sourceforge.net/p/libemf/code/commit_browser"}, {"name": "https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/", "refsource": "MISC", "url": "https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/"}, {"name": "FEDORA-2020-c696d8604b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL/"}, {"name": "openSUSE-SU-2020:0831", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:42:00.823Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/libemf/mailman/libemf-devel/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/libemf/code/commit_browser"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/"}, {"name": "FEDORA-2020-c696d8604b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL/"}, {"name": "openSUSE-SU-2020:0831", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-11865", "datePublished": "2020-05-11T15:10:45", "dateReserved": "2020-04-16T00:00:00", "dateUpdated": "2024-08-04T11:42:00.823Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libemf_project:libemf:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF8E6A09-2DEC-4266-ABEE-EBD6CDA15BD9", "versionEndIncluding": "1.0.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access."}, {"lang": "es", "value": "libEMF (tambi\u00e9n se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite un acceso a la memoria fuera de l\u00edmites."}], "id": "CVE-2020-11865", "lastModified": "2024-11-21T04:58:46.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-11T16:15:12.567", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/libemf/code/commit_browser"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/libemf/mailman/libemf-devel/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "url": "https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/libemf/code/commit_browser"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/libemf/mailman/libemf-devel/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "url": "https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libEMF: allows out-of-bounds memory access", "id": "1835806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835806"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access."], "name": "CVE-2020-11865", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libEMF", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2020-05-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-11865\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11865\nhttps://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/"], "statement": "libEMF is a C/C++ library which provides a drawing toolkit based on ECMA-234. The general purpose of this library is to create vector graphics files on POSIX systems which can be imported into OpenOffice.org or LibreOffice. Programs compiled with libEMF, output ECMA-234 graphics files locally which can be then imported into desktop applications. Therefore this out of bounds memory access flaw can only be triggered via maliciously written applications compiled with libEMF.", "threat_severity": "Moderate"}

{}