{"id":"CVE-2020-1917","details":"xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.","modified":"2026-02-21T07:32:22.870770Z","published":"2021-03-10T16:15:14.313Z","references":[{"type":"ADVISORY","url":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"},{"type":"ADVISORY","url":"https://hhvm.com/blog/2021/02/25/security-update.html"},{"type":"FIX","url":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/hhvm","events":[{"introduced":"0"},{"fixed":"08193b7f0cd3910256e00d599f0f3eb2519c44ca"},{"introduced":"75407bf7bfdd694f18e2660c4e78aeeacb07b622"},{"fixed":"f1dfafe82316eb0cb9b4c430dc2949a18296fd1b"},{"introduced":"ce87598e3c65a922a6e25c7119e2446f1fa6a4b6"},{"fixed":"79a132194e1b4c1d7cb374b7b8a2bb74f11d08bf"}]}],"database_specific":{"vanir_signatures":[{"deprecated":false,"digest":{"length":804,"function_hash":"231541922683328977702299654062409521541"},"target":{"function":"HHVM_FUNCTION","file":"hphp/runtime/ext/string/ext_string.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-0aa8a92c","signature_version":"v1"},{"deprecated":false,"digest":{"length":1706,"function_hash":"296674619659925255028886412411189640428"},"target":{"function":"logToUSDT","file":"hphp/runtime/ext/strobelight/ext_strobelight.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-217e9507","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["175858273613805101694652743007024626161","333168716995591688600956860174174725664","229164033001702589638141180527710230752","242607794868199471530977091939516612419"]},"target":{"file":"hphp/runtime/ext/std/ext_std_file.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-222a0275","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["319517057754826242787689596683471001210","147271679474116665575163919994635483668","143901499551783554200943481219544729611","286207578961964542825380827053084973408","317333281483831010982552661815304846079","217447589277046825048685304886078739333","105162570172779070591328623912213493347","284146608779374618925369383112799221005","5355858725456098006530043055298220962"]},"target":{"file":"hphp/runtime/base/string-data-inl.h"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-29fd66f3","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["166318824727500359552855831850252518195","49798951412944969287031070451058293742","167847665771403031950395333516141802375","174417108818838197660724066038879527280"]},"target":{"file":"hphp/runtime/ext/sockets/ext_sockets.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-3cfd81ff","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["224168498843425374167705441644972012909","91644198291228241169439319745520727318","204107984143582896784219386537746212953","264872528270857522219053662914626293481","188288630128332861733822243320373758869","65415194576104425828998070185581652385"]},"target":{"file":"hphp/zend/zend-printf.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-4f5a77fb","signature_version":"v1"},{"deprecated":false,"digest":{"length":1684,"function_hash":"338881536876586480774818660376688941200"},"target":{"function":"set_sockaddr","file":"hphp/runtime/ext/sockets/ext_sockets.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-50b07dd8","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["114214535413380827657111370921917589157","166295115478255213267288604808927286413","337198269310718649054343161692561172916","317915948134582992559857764100566724712","121784621892997116464896520427028451293","282721632966562206911603463182427424963","86841137666070060293872126381779423380","234217928977252635265272191783889128469","190620642117225810125904801393647961802","312054837688965834899931816719642490241","208403628995824814588300241064886673109"]},"target":{"file":"hphp/runtime/ext/string/ext_string.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-53c200bd","signature_version":"v1"},{"deprecated":false,"digest":{"length":475,"function_hash":"314541514502086594909502835742672930069"},"target":{"function":"MemFile::seek","file":"hphp/runtime/base/mem-file.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-5a1d93de","signature_version":"v1"},{"deprecated":false,"digest":{"length":1012,"function_hash":"162013863829912412695631272734450231290"},"target":{"function":"preg_quote","file":"hphp/runtime/base/preg.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-6dda6dfa","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["117130631625362125374404902761149653631","125298798078659001668954005101248048231","167836213993974169863605019681013660572","37903480730437959663346881426622022383"]},"target":{"file":"hphp/zend/zend-string.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-83453b58","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["333290057892826519502290583704801516826","215365068172160674663527408582297826115","252015681811295758166469595085168630558","119088290247309757461025657833851018248","176978386035683063105689708198150060024","104283557923542370691859809997828272832","56164276920378947031061153932114021116","216507674827227588492169669836731629255","53259819309648313019060275724754351450"]},"target":{"file":"hphp/runtime/base/string-data.h"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-86d1439e","signature_version":"v1"},{"deprecated":false,"digest":{"length":333,"function_hash":"217044411193589900381965166043782856433"},"target":{"function":"HHVM_FUNCTION","file":"hphp/runtime/ext/std/ext_std_file.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-89fb8489","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["227197025776611435514766817439232030137","174952894475033226474115065298911332907","325448924024253330791240800257927446436","59671149537358873089492004686217150438"]},"target":{"file":"hphp/runtime/ext/std/ext_std_variable.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-8a5fd792","signature_version":"v1"},{"deprecated":false,"digest":{"length":1362,"function_hash":"207186935421098775552186413868622146095"},"target":{"function":"php_openssl_validate_iv","file":"hphp/runtime/ext/openssl/ext_openssl.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-8bd6bf51","signature_version":"v1"},{"deprecated":false,"digest":{"length":1489,"function_hash":"107425036347634382386286559800922147507"},"target":{"function":"exif_scan_thumbnail","file":"hphp/runtime/ext/gd/ext_gd.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-911fdc0e","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["86123253390548430014955761452902441997","13395083059725272318110847968045779259","136946500579005801278905764052415299022","283277984047822783910215500634658118267"]},"target":{"file":"hphp/runtime/ext/gd/ext_gd.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-95fd63f4","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["221592429873641936563789543946763563006","245451832070687772359604727911701553008","228521589752481566764354099713019208731","183978219758900438130298324102932782776","191839459069608202444315019199469932319"]},"target":{"file":"hphp/runtime/ext/hotprofiler/ext_hotprofiler.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-9da50a37","signature_version":"v1"},{"deprecated":false,"digest":{"length":1248,"function_hash":"52270545854423910183742541675818099261"},"target":{"function":"string_crypt","file":"hphp/zend/zend-string.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-a92165c0","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["219857856471235800012758232502943627612","137667947755400408435804497523262929306","56695284754312515472465646385896999775","216187944922495862211881139387225232251","219160560747905232329640264250853592184","54215737003012961490915006855427372953","29160505852404966018030665353246220426","9612036663886797900471451913979649811","62155960225799311080762397549651285278","86689430647256623514877626072168510254","320070862510210793396826140287213866872","49761466243874919102024482677753470234","252669099177066870612737689260621765665","116038890695993745273448139430389513470","302943200745199608941564143009873101291","306799779193331431480469267109861405375","228056120120562193132405196785197336669","138933897981826006145480333627071247898","138231817352315536210436142802194263230","208407771966282604764043928381662435163","154480876639212000885689185175688437135","200488752926009469948593647635974998486","168929408749433411094642285338451982116"]},"target":{"file":"hphp/runtime/base/mem-file.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-aab60d96","signature_version":"v1"},{"deprecated":false,"digest":{"length":8928,"function_hash":"217250058036648036535232800122396379162"},"target":{"function":"xbuf_format_converter","file":"hphp/zend/zend-printf.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-ae7f78d4","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["260096582061990730330363101661648644871","150198613823513126491149361350745555265","38105548737676174370535952898540824332","77089879582412974470355498851374418055","15989230918217611380711886914667120172","24284486158588787720896808881602396509","336757619118931825620929809654413497511","34017466872114901847639814619157993410","200260975984477698812740055800077654347","63545619553949581245797495697591808928","3632982811553897978420145565613861743","120702287628377252208372642198353064883","221075618042127030691721178192397648914"]},"target":{"file":"hphp/runtime/ext/strobelight/ext_strobelight.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-b0070254","signature_version":"v1"},{"deprecated":false,"digest":{"length":305,"function_hash":"250237686805717754445906545827012823606"},"target":{"function":"MemFile::readImpl","file":"hphp/runtime/base/mem-file.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-b79b54d8","signature_version":"v1"},{"deprecated":false,"digest":{"length":1699,"function_hash":"156299978203498550410542270101007751179"},"target":{"function":"serialize_impl","file":"hphp/runtime/ext/std/ext_std_variable.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-c0718158","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["129666091655412664526895204061347000056","160016981209223430753633911542719325687","113334605668934533256516010032469343227","140335216194151808759673220052749435881"]},"target":{"file":"hphp/runtime/version.h"},"source":"https://github.com/facebook/hhvm/commit/79a132194e1b4c1d7cb374b7b8a2bb74f11d08bf","signature_type":"Line","id":"CVE-2020-1917-c1b0da8a","signature_version":"v1"},{"deprecated":false,"digest":{"length":1359,"function_hash":"123380983931980390839885825242088741216"},"target":{"function":"HHVM_FUNCTION","file":"hphp/runtime/ext/mcrypt/ext_mcrypt.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Function","id":"CVE-2020-1917-c3c2f978","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["135676760673253630310053021287554103737","119531440130351790625844054738874178693","115118795547407335264870985338694295345","235473432894776477757842301961081402286","143655116076381834396121867659166786365","67026642171641261079216677483145309843","97275219169922431683044824938330710868","302553828547393267656080924960720710030","59281161923763100689253095717394587054","269733743008787278976697727577692347825","22973653431157145227535255728237701278"]},"target":{"file":"hphp/runtime/ext/mcrypt/ext_mcrypt.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-ca24a28b","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["37648826774284908189737564661752836324","97647651131215823960451468592672760575","157826719057088166832224280447011075834","225944074265128732638647907294734482048","311426279424550442740033440540211577085","179355305665490242313511320346907108229","198546124864446988299924336789920909525","131652704644437823079847276337017044138"]},"target":{"file":"hphp/runtime/ext/openssl/ext_openssl.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-da3739ee","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["112036728586050989651194236826169055871","41703590745587016313536149349570208870","41093288957220018556014819069198117056","193420672164350432607563479837135923061","78824073045334487111077191584931966177","335199195309132817406621886071998957420","117791152848002612914966874369007423248","22303256314802928453100212163463620980","12799570867735480123962618480897108900","310817599639488063812638205226588496146","81064550782676310263356156199337957839","226862356007425700031441198024498831612"]},"target":{"file":"hphp/runtime/base/type-string.h"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-e6d9f43d","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["231544693829570069917217025785122379754","48854572171412557768836237377339709298","248815804019804088593315192906474727399"]},"target":{"file":"hphp/runtime/base/preg.cpp"},"source":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","signature_type":"Line","id":"CVE-2020-1917-ebdc03fd","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["113046116321680617747245693795541230100","144308374999532882378444052369408126281","113334605668934533256516010032469343227","140335216194151808759673220052749435881"]},"target":{"file":"hphp/runtime/version.h"},"source":"https://github.com/facebook/hhvm/commit/f1dfafe82316eb0cb9b4c430dc2949a18296fd1b","signature_type":"Line","id":"CVE-2020-1917-f49b6833","signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1917.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}