CVE-2020-23909 — Vulnetix

CVE-2020-23909 PUBLISHED

Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1.

EPSS 0.03% · 9.9th percentile

Risk Scores

EPSS Score

0.03%

9.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	cloop	3.14.1.2ubuntu1, 0
Ubuntu:24.04:LTS	advancecomp	2.5-1, 0, 2.5-1build1
Ubuntu:25.10	cloop	3.14.1.3+nmu1, 0
Ubuntu:Pro:16.04:LTS	advancecomp	1.20-1ubuntu0.2+esm2, 0, 1.19-1
Ubuntu:20.04:LTS	cloop	0, 3.14.1.2ubuntu3, 3.14.1.2ubuntu1
Ubuntu:16.04:LTS	cloop	3.14.1.2ubuntu1, 0, 2.6.39.2-1ubuntu3
Ubuntu:20.04:LTS	advancecomp	2.1-2.1ubuntu0.20.04.1, 0, 2.1-2.1
Ubuntu:24.04:LTS	cloop	3.14.1.3+nmu1, 0
Ubuntu:22.04:LTS	cloop	3.14.1.3, 0
Ubuntu:25.10	advancecomp	2.5-1build1, 0
Ubuntu:18.04:LTS	advancecomp	0, 2.0-1, 2.1-1
Ubuntu:22.04:LTS	advancecomp	2.1-2.1ubuntu1, 2.1-2.1ubuntu2.1, 2.1-2.1ubuntu2

Exploit Intelligence

https://sourceforge.net/p/advancemame/bugs/285/ (nist-nvd)

Timeline

Jul 18, 2023 CVE Published
Jul 19, 2023 EPSS Score
Aug 22, 2023 EPSS Score
Sep 26, 2023 EPSS Score
Oct 30, 2023 EPSS Score
Dec 3, 2023 EPSS Score
Jan 7, 2024 EPSS Score
Feb 10, 2024 EPSS Score
Mar 15, 2024 EPSS Score
Apr 19, 2024 EPSS Score
May 23, 2024 EPSS Score
Jun 26, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2020-23909 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-23909 third-party-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›