PT-2021-10301 · Facebook · Hhvm
Jjergus · Published 2021-03-10 · Updated 2021-03-17
CVE-2020-1917
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
HHVM versions prior to 4.56.3
HHVM versions 4.57.0 through 4.80.1
HHVM versions 4.81.0 through 4.93.1
HHVM versions 4.94.0 through 4.98.0
Description:
The xbuf format converter, used as part of exif read data, appended a terminating null character to the generated string without going through its standard append-char function. As a result, if the buffer was already full, the terminator was written out of bounds.
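The bug class described above, as an added example that is not HHVM's xbuf code: a hypothetical fixed-capacity buffer whose checked append refuses to write past capacity, beside a terminator routine that bypasses that check (the vulnerable shape) and one that routes the terminator through it (the fix). All names and the buffer layout are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical fixed-capacity output buffer, constructed here to model the
 * bug class the advisory describes; it is not HHVM's xbuf implementation. */
typedef struct {
    char  *data;
    size_t cap;   /* bytes available in data */
    size_t len;   /* bytes written so far */
} xbuf_t;

/* The bounds-checked append every byte is supposed to go through.
 * Returns 0 on success, -1 when the buffer is already full. */
static int xbuf_append_char(xbuf_t *b, char c) {
    if (b->len >= b->cap) return -1;
    b->data[b->len++] = c;
    return 0;
}

/* Copy as many bytes of src as fit through the checked append; returns how
 * many were stored (the converter's "produce the string" step). */
static size_t xbuf_append_str(xbuf_t *b, const char *src) {
    size_t n = 0;
    while (src[n] != '\0' && xbuf_append_char(b, src[n]) == 0) n++;
    return n;
}

/* Vulnerable shape: the terminator is written directly instead of via the
 * checked append. When len == cap this stores one byte past the end of data.
 * Returns the index written so a caller can observe that it equals cap. */
static size_t xbuf_terminate_unchecked(xbuf_t *b) {
    b->data[b->len] = '\0';
    return b->len;
}

/* Hardened shape: the terminator takes the same checked path, so a full
 * buffer yields an error return instead of an out-of-bounds write. */
static int xbuf_terminate_checked(xbuf_t *b) {
    return xbuf_append_char(b, '\0');
}

/* Fill a buffer from src and terminate with the chosen routine; returns 1 if
 * the terminator landed in bounds, 0 otherwise. */
static int convert_and_terminate(xbuf_t *b, const char *src, int checked) {
    xbuf_append_str(b, src);
    if (checked) return xbuf_terminate_checked(b) == 0;
    return xbuf_terminate_unchecked(b) < b->cap;
}
```

A sentinel byte placed just past the buffer's declared capacity makes the one-byte overrun observable in a test without undefined behaviour.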
Recommendations:
For versions prior to 4.56.3, update to version 4.56.3 or later.
For versions 4.57.0 through 4.80.1, update to version 4.80.2 or later.
For versions 4.81.0 through 4.93.1, update to version 4.93.2 or later.
For versions 4.94.0 through 4.98.0, update to a version later than 4.98.0.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Vulnerability Types:
Heap Based Buffer Overflow
Memory Corruption