1. Home
  2. CVE Database
  3. CVE-2020-0499
MEDIUM · 4.3

CVE-2020-0499

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional exec...

Vulnerability Description

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
GoogleAndroid11.0
DebianDebian Linux9.0
FedoraprojectFedora32

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2020-0499?

CVE-2020-0499 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional exec...

How severe is CVE-2020-0499?

CVE-2020-0499 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-0499?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Debian Debian Linux, Fedoraproject Fedora.