CVE-2020-15395 - Vulnerability Details - OpenCVE

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00466.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Mediaarea	Mediainfo

Configuration 1 [-]

cpe:2.3:a:mediaarea:mediainfo:20.03:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2603-1	libmediainfo security update
EUVD	EUVD-2020-7389	In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).
Ubuntu USN	USN-5237-1	MediaInfoLib vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA/
https://mediaarea.net/en/MediaInfo
https://sourceforge.net/p/mediainfo/bugs/1127/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-30T10:25:46

Updated: 2024-08-04T13:15:20.528Z

Reserved: 2020-06-30T00:00:00

Link: CVE-2020-15395

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-06-30T11:15:10.520

Modified: 2024-11-21T05:05:29.150

Link: CVE-2020-15395

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-17T02:06:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/mediainfo/bugs/1127/"}, {"tags": ["x_refsource_MISC"], "url": "https://mediaarea.net/en/MediaInfo"}, {"name": "FEDORA-2020-dec3658f55", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15395", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sourceforge.net/p/mediainfo/bugs/1127/", "refsource": "MISC", "url": "https://sourceforge.net/p/mediainfo/bugs/1127/"}, {"name": "https://mediaarea.net/en/MediaInfo", "refsource": "MISC", "url": "https://mediaarea.net/en/MediaInfo"}, {"name": "FEDORA-2020-dec3658f55", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:15:20.528Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/mediainfo/bugs/1127/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mediaarea.net/en/MediaInfo"}, {"name": "FEDORA-2020-dec3658f55", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15395", "datePublished": "2020-06-30T10:25:46", "dateReserved": "2020-06-30T00:00:00", "dateUpdated": "2024-08-04T13:15:20.528Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediaarea:mediainfo:20.03:*:*:*:*:*:*:*", "matchCriteriaId": "27A84640-5700-45FA-B3BC-CD686CC2B23F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing)."}, {"lang": "es", "value": "En MediaInfoLib en MediaArea MediaInfo versi\u00f3n 20.03, se presenta una lectura excesiva del b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n Streams_Fill_PerStream en el archivo Multiple/File_MpegPs.cpp (tambi\u00e9n se conoce como por un paso durante el an\u00e1lisis de MpegPs)"}], "id": "CVE-2020-15395", "lastModified": "2024-11-21T05:05:29.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-30T11:15:10.520", "references": [{"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA/"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://mediaarea.net/en/MediaInfo"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sourceforge.net/p/mediainfo/bugs/1127/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://mediaarea.net/en/MediaInfo"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sourceforge.net/p/mediainfo/bugs/1127/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}