CVE-2020-6082

{"id": "CVE-2020-6082", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-05-06T13:15:14.867", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1004", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de escritura fuera de l\u00edmites explotable en la funci\u00f3n ico_read de la biblioteca igcore19d.dll de Accusoft ImageGear versi\u00f3n 19.6.0. Un archivo ICO especialmente dise\u00f1ado puede causar una escritura fuera de l\u00edmites, resultando en una ejecuci\u00f3n de c\u00f3digo remota. Un atacante necesita proporcionar un archivo con formato malformado a la v\u00edctima para desencadenar la vulnerabilidad."}], "lastModified": "2022-07-28T17:12:54.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:accusoft:imagegear:19.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17081D14-2B69-452B-8340-3E2D88D2D0D8"}, {"criteria": "cpe:2.3:a:accusoft:imagegear:19.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "666E2315-F21D-4B6E-85F7-D991F6D878A7"}, {"criteria": "cpe:2.3:a:accusoft:imagegear:19.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86FE43FE-C3BB-49A3-A9C7-98390B126CBE"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}