PT-2020-13828 · Ecma+2 · Libemf+2

Published: 2020-06-15 · Updated: 2024-12-16 · CVE-2020-13999

CVSS v3.1

5.5 Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libEMF (aka ECMA-234 Metafile Library) version 1.0.12

Description

The issue allows an integer overflow and denial of service via a crafted EMF file. This is caused by the ScaleViewPortExtEx function in libemf.cpp.

Recommendations

For libEMF (aka ECMA-234 Metafile Library) version 1.0.12, consider avoiding the use of crafted EMF files until a patch is available. As a temporary workaround, restrict the processing of EMF files to minimize the risk of exploitation.

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2190
ALT-PU-2024-16856
CVE-2020-13999
OESA-2021-1376
OPENSUSE-SU-2022_3191-1
OPENSUSE-SU-2024:10916-1
SUSE-SU-2022:3190-1
SUSE-SU-2022:3191-1
SUSE-SU-2022_3190-1

Affected Products

Alt Linux
Suse
Libemf