{"id":"CVE-2020-28163","details":"libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.","modified":"2026-04-10T09:50:38.677866Z","published":"2023-04-16T00:15:07.313Z","references":[{"type":"WEB","url":"http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"},{"type":"ADVISORY","url":"https://www.prevanders.net/dwarfbug.html#DW202010-003"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026000"},{"type":"FIX","url":"https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/davea42/libdwarf-code","events":[{"introduced":"0"},{"fixed":"414d227945bb461192e162dec547e4dbe8f0457e"},{"fixed":"faf99408e3f9f706fc3809dd400e831f989778d3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"20201201"}]}}],"versions":["20110113","20110605","20110607","20110612","20110908","20111009","20111030","20111214","20120410","20121127","20121130","20130125","20130126","20130207","20130729","20130729-b","20140131","20140208","20140413","20140519","20140805","20150112","20150115","20150310","20150507","20150913","20150915","20151114","20160116","20160507","20160613","20160923","20160929","20161001","20161021","20161124","20170416","20170709","20180129","20180527","20180723","20180724","20180809","20181024","20190505","20190529","20191002","20191104","20200114","20200703","20200719","20200825","20201020"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2020-12-01"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28163.json","vanir_signatures_modified":"2026-04-10T09:50:38Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["39757867755508855599357251662335222116","168951112543562491899277066726292992798","282749259241874964783435342518303774442","247520410751051133495361171056516653359","37573795038650590326582531900254823284","89882302238465354920796403998745351678","320258111385262438712067207907612855477","270060266717424680479238435082887104936","56234802902634797532715352227486076350","180734698050974572913711272259274696407","299208918402968666624532640104675930875","149765863945872408991286749430983362011","251707489805777673602737468494118586220","284852265747504771826593234395311001685","304809923676317775812619857009629692149","257909515931093135862381473343934113950","118833851096584963664770641960795055885","80937753395734395708350975742203564969","144984083339472422166954944589954211454","326284635693336990724578253846049749881","153904064092893760894335827690011337719","249802587826805570133149424778645598354","262210705323390054945831344400663535631","310255347027914265961468375045998337959","175433042041504189880838674952566748862","150717925571910808986304335313014192232","317423604334724850395173424367912012356","118521575644218329653000311284248244305","313003284895685608786427651555553892324","280127658401844091562709781285274171459","142654945070655460597297272669297254512","171182140575752066324821492696848989169","64184199794284451342207949166099298049","340203780278294658047030458262590661797","88059403818349318472195521420983004637","239850346390381346736220009121406555099","255675919837080448196369202481480838638","171333467627892540092864366869643122344","43478898303630548076911399555667916339","174463514788706407111058007316384356805","172254557065384418970663454103061853064","253588693128284294320059812977451388504","242728758346978343233617785101748612559","43304781673364482506341975369945023261","124685864282425475514406302139453176700","294747788820001279187669522312894233395","45121080075641105588521253351472366578","260744747964841710432945712028633345283","47318856895832109971619423910315154630","255288812484604073083617282984248873745","138562776287116998913115934074133786317","41081695094652157669529951672284972499","198472625336059480935427038491101489672","157172635554071928483490930476003042139","192520742053873698972594400310509719744","204527573905211408383109440688970079732","290465023138791771487312943611054188458","216571940776258148007721530831053419212"],"threshold":0.9},"source":"https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3","id":"CVE-2020-28163-976241a1","signature_type":"Line","target":{"file":"libdwarf/dwarf_print_lines.c"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"248540983837255728850763059232230183248","length":1846},"source":"https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3","id":"CVE-2020-28163-a6d2f418","signature_type":"Function","target":{"file":"libdwarf/dwarf_print_lines.c","function":"print_just_file_entry_details"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}