{"id":"CVE-2020-18651","details":"Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.","modified":"2026-01-31T16:43:42.800167Z","published":"2023-08-22T19:15:55.360Z","related":["ALSA-2024:3066","SUSE-SU-2023:3734-1","SUSE-SU-2023:3833-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html"},{"type":"ADVISORY","url":"https://gitlab.freedesktop.org/libopenraw/exempi/issues/13"},{"type":"REPORT","url":"https://gitlab.freedesktop.org/libopenraw/exempi/issues/13"},{"type":"FIX","url":"https://gitlab.freedesktop.org/libopenraw/exempi/commit/fdd4765a699f9700850098b43b9798b933acb32f"},{"type":"EVIDENCE","url":"https://gitlab.freedesktop.org/libopenraw/exempi/issues/13"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/libopenraw/exempi","events":[{"introduced":"0"},{"fixed":"fdd4765a699f9700850098b43b9798b933acb32f"}]}],"versions":["2.1.1","2.2.0","2.2.1","2.2.2","2.3.0","2.5.0","adobe-4.1.1","exempi-1.99.0","exempi-1.99.1","exempi-1.99.2","exempi-1.99.3","exempi-1.99.4","exempi-1.99.5","exempi-1.99.6","exempi-1.99.7","exempi-1.99.8","exempi-1.99.9","exempi-2.0.0","exempi-2.0.1","exempi-2.1.0"],"database_specific":{"vanir_signatures":[{"source":"https://gitlab.freedesktop.org/libopenraw/exempi@fdd4765a699f9700850098b43b9798b933acb32f","deprecated":false,"target":{"file":"XMPFiles/source/FormatSupport/ID3_Support.cpp"},"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["191223537568591142256675037692688779551","22815773610043489497593345833893301183","257416147181737448390450475147056941294","11903588326941419545807853087990027803","116744771392808866718209162519708964747","235076022766644690207948933574498340573"]},"id":"CVE-2020-18651-3df736cc"},{"source":"https://gitlab.freedesktop.org/libopenraw/exempi@fdd4765a699f9700850098b43b9798b933acb32f","deprecated":false,"target":{"function":"ID3v2Frame::getFrameValue","file":"XMPFiles/source/FormatSupport/ID3_Support.cpp"},"signature_type":"Function","signature_version":"v1","digest":{"length":1442,"function_hash":"252093737416883736172584640969702210961"},"id":"CVE-2020-18651-f1085e3b"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-18651.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}