{"id":"CVE-2018-20541","details":"There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses).","modified":"2026-04-11T18:21:47.990561Z","published":"2018-12-28T16:29:04.643Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:libxsmm_project:libxsmm:1.10:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"1.10"}]}]},"references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652632"},{"type":"FIX","url":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d"},{"type":"FIX","url":"https://github.com/hfp/libxsmm/issues/287"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hfp/libxsmm","events":[{"introduced":"0"},{"fixed":"151481489192e6d1997f8bde52c5c425ea41741d"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"vanir_signatures_modified":"2026-04-11T18:21:47Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20541.json","vanir_signatures":[{"target":{"file":"src/generator_spgemm_csr_reader.c","function":"libxsmm_sparse_csr_reader"},"digest":{"function_hash":"253237323125577349990588301710073922474","length":2899},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Function","deprecated":false,"id":"CVE-2018-20541-42082ee1","signature_version":"v1"},{"target":{"file":"samples/edge/edge_proxy_common.c","function":"edge_sparse_csr_reader_double"},"digest":{"function_hash":"257932478644569493591294152135594238066","length":2305},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Function","deprecated":false,"id":"CVE-2018-20541-44059b59","signature_version":"v1"},{"target":{"file":"src/generator_spgemm_csr_reader.c"},"digest":{"threshold":0.9,"line_hashes":["241923795223860916277411171048424946468","209110177833169472757848964198364002047","226469009479139064176779870339992460152","192626307265761018682685695128013722668","261546154635701793906232853738646677101","18508411805474619725990427461893891957","51501535861073324594083067657348697914","110807367558379506002077375399143442439","257165498594075926253907697244042964172"]},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Line","deprecated":false,"id":"CVE-2018-20541-5066215b","signature_version":"v1"},{"target":{"file":"samples/edge/edge_proxy_common.c"},"digest":{"threshold":0.9,"line_hashes":["241923795223860916277411171048424946468","209110177833169472757848964198364002047","54720283948260693235784795782894161382","159871792082033176477973504123091930777"]},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Line","deprecated":false,"id":"CVE-2018-20541-914a6527","signature_version":"v1"},{"target":{"file":"samples/pyfr/pyfr_driver_asp_reg.c"},"digest":{"threshold":0.9,"line_hashes":["241923795223860916277411171048424946468","209110177833169472757848964198364002047","54720283948260693235784795782894161382","217042301667030676819970089241851533120"]},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Line","deprecated":false,"id":"CVE-2018-20541-956a0ae8","signature_version":"v1"},{"target":{"file":"src/generator_spgemm_csc_reader.c"},"digest":{"threshold":0.9,"line_hashes":["241923795223860916277411171048424946468","107558474951648408386904201689056226698","283203830907550038709210239009337494119","18022234622339816638805531357357536949","291840242035544412416174133096187863902","18508411805474619725990427461893891957","4969517896670101590188015537595354571","291749407274234609554627974998776176771","205777411820530140292049990175321492587","206743855182286230386096444765258334159"]},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Line","deprecated":false,"id":"CVE-2018-20541-a58f01b5","signature_version":"v1"},{"target":{"file":"src/generator_spgemm_csc_reader.c","function":"libxsmm_sparse_csc_reader"},"digest":{"function_hash":"117423682803360476822542486759614065109","length":2899},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Function","deprecated":false,"id":"CVE-2018-20541-d0044958","signature_version":"v1"},{"target":{"file":"samples/pyfr/pyfr_driver_asp_reg.c","function":"my_csr_reader"},"digest":{"function_hash":"252726746632772907463537910857054546701","length":2342},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Function","deprecated":false,"id":"CVE-2018-20541-ee91e15d","signature_version":"v1"},{"target":{"file":"samples/edge/common_edge_proxy.h","function":"libxsmm_sparse_csr_reader"},"digest":{"function_hash":"288578049635566099234369255849468353491","length":2495},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Function","deprecated":false,"id":"CVE-2018-20541-f3f56076","signature_version":"v1"},{"target":{"file":"samples/edge/common_edge_proxy.h"},"digest":{"threshold":0.9,"line_hashes":["241923795223860916277411171048424946468","209110177833169472757848964198364002047","54720283948260693235784795782894161382","217042301667030676819970089241851533120"]},"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","signature_type":"Line","deprecated":false,"id":"CVE-2018-20541-ffa602e8","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}