CVE-2020-22617 — Vulnetix

CVE-2020-22617 PUBLISHED

Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.

EPSS 0.78% · 74.0th percentile

Risk Scores

EPSS Score

0.78%

74.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	ardour	1:4.4~dfsg-1, 1:4.4~dfsg-2, 1:4.6~dfsg-1
Ubuntu:18.04:LTS	ardour	1:5.12.0-3, 0, 1:5.11.0-1
Ubuntu:20.04:LTS	ardour	0, 1:5.12.0-3, 1:5.12.0-3ubuntu2

Exploit Intelligence

https://tracker.ardour.org/view.php?id=7926 (circl)
https://github.com/Ardour/ardour/commit/96daa4036a (circl)

Timeline

Oct 8, 2021 CVE Published
Oct 9, 2021 EPSS Score
Dec 5, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 24, 2022 EPSS Score
Jul 20, 2022 EPSS Score
Nov 11, 2022 EPSS Score
Jan 6, 2023 EPSS Score
Mar 4, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-22617 third-party-advisory
https://tracker.ardour.org/view.php?id=7926 third-party-advisory
https://github.com/Ardour/ardour/commit/96daa4036a third-party-advisory
https://ubuntu.com/security/notices/USN-5110-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2020-22617 third-party-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›