CVE-2020-1917

Summary

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

Affected Software

VendorProductVersion RangeStatus
FacebookHHVM4.98.1 < unspecifiedunaffected
FacebookHHVM4.98.0affected
FacebookHHVM4.97.1 < unspecifiedunaffected
FacebookHHVM4.97.0affected
FacebookHHVM4.96.1 < unspecifiedunaffected
FacebookHHVM4.96.0affected
FacebookHHVM4.95.1 < unspecifiedunaffected
FacebookHHVM4.95.0affected
FacebookHHVM4.94.1 < unspecifiedunaffected
FacebookHHVM4.94.0affected
FacebookHHVM4.93.2 < unspecifiedunaffected
FacebookHHVM4.81.0 < unspecifiedaffected
FacebookHHVM4.80.2 < unspecifiedunaffected
FacebookHHVM4.57.0 < unspecifiedaffected
FacebookHHVM4.56.3 < unspecifiedunaffected
FacebookHHVMunspecified < 4.56.3affected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow (CWE-122)

ADP Enrichment

CVE Program Container

Additional References

References