CVE-2020-10251

{"id": "CVE-2020-10251", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-03-10T04:15:11.533", "references": [{"url": "https://github.com/ImageMagick/ImageMagick/issues/1859", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ImageMagick/ImageMagick/issues/1859", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image."}, {"lang": "es", "value": "ImageMagick versi\u00f3n 7.0.9, tiene una vulnerabilidad de lectura fuera de l\u00edmites dentro de la funci\u00f3n ReadHEICImageByID en el archivo coders\\heic.c. Puede ser desencadenada por medio de una imagen con un valor de anchura o altura que exceda el tama\u00f1o real de la imagen."}], "lastModified": "2024-11-21T04:55:04.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A044015-839F-4D63-A002-1F7806C41365"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}