{"id":"CVE-2020-8003","details":"A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.","modified":"2026-04-11T17:01:34.769804Z","published":"2020-01-27T05:15:13.063Z","related":["openSUSE-SU-2024:11499-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=3320973c9f2068f60cf6613c2811a8824781878a"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=f9b079ccc319c98499111f66bd654fc9b56cf15f"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/commit/f9b079ccc319c98499111f66bd654fc9b56cf15f?merge_request_iid=340"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/virgl/virglrenderer","events":[{"introduced":"0"},{"last_affected":"66c57963aaf09a1c41056bd2a001da1d51957a14"},{"fixed":"f9b079ccc319c98499111f66bd654fc9b56cf15f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.8.1"}]}}],"versions":["virglrenderer-0.2.0","virglrenderer-0.4.0","virglrenderer-0.5.0","virglrenderer-0.6.0","virglrenderer-0.7.0","virglrenderer-0.8.0","virglrenderer-0.8.1"],"database_specific":{"vanir_signatures":[{"digest":{"length":6225,"function_hash":"262258557035024037516116225103713521013"},"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@f9b079ccc319c98499111f66bd654fc9b56cf15f","id":"CVE-2020-8003-e2d1ad54","signature_type":"Function","signature_version":"v1","target":{"file":"src/vrend_renderer.c","function":"vrend_renderer_resource_allocate_texture"},"deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["122308476843676081585363916104622967610","267045664415107434376456633217690052835","176843155411216635676780524478487435752","240300121594031413653417605394050236833","254057007199365354938219173373558246388","303622757520870391731207620632351748111","1768644521429643704109422838465241177","212500535148868183591686327083464861266"]},"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@f9b079ccc319c98499111f66bd654fc9b56cf15f","id":"CVE-2020-8003-e6e32acf","signature_type":"Line","signature_version":"v1","target":{"file":"src/vrend_renderer.c"},"deprecated":false}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8003.json","vanir_signatures_modified":"2026-04-11T17:01:34Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}