{"id":"CVE-2020-18652","details":"Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.","modified":"2026-04-11T11:23:17.614408Z","published":"2023-08-22T19:15:55.423Z","related":["ALSA-2024:3066","SUSE-SU-2023:3518-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html"},{"type":"REPORT","url":"https://gitlab.freedesktop.org/libopenraw/exempi/issues/12"},{"type":"FIX","url":"https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/libopenraw/exempi","events":[{"introduced":"0"},{"last_affected":"ba6698c39da63b0cbe4742389d31bf4de8716de0"},{"fixed":"acee2894ceb91616543927c2a6e45050c60f98f7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.0"}]}}],"versions":["2.1.1","2.2.0","2.2.1","2.5.0","adobe-4.1.1","exempi-1.99.0","exempi-1.99.1","exempi-1.99.2","exempi-1.99.3","exempi-1.99.4","exempi-1.99.5","exempi-1.99.6","exempi-1.99.7","exempi-1.99.8","exempi-1.99.9","exempi-2.0.0","exempi-2.1.0"],"database_specific":{"vanir_signatures":[{"target":{"function":"VP8XChunk::VP8XChunk","file":"XMPFiles/source/FormatSupport/WEBP_Support.cpp"},"signature_version":"v1","signature_type":"Function","digest":{"length":506,"function_hash":"287489629788518566746366652779894257635"},"id":"CVE-2020-18652-40e223e3","source":"https://gitlab.freedesktop.org/libopenraw/exempi@acee2894ceb91616543927c2a6e45050c60f98f7","deprecated":false},{"target":{"file":"XMPFiles/source/FormatSupport/WEBP_Support.cpp"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["19290389321265225874426330470930240808","11227025886656892332355393183387779029","46726694244881865389308129605577474543","190687311370935777541703537973506947079","2014808226921614575823072012764346177","246110405176998061242691812275757246192"]},"id":"CVE-2020-18652-4be099bb","source":"https://gitlab.freedesktop.org/libopenraw/exempi@acee2894ceb91616543927c2a6e45050c60f98f7","deprecated":false}],"vanir_signatures_modified":"2026-04-11T11:23:17Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-18652.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}