VDB
CVE-2020-36646
CVE-2020-36646
PUBLISHED
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The identifier of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.
EPSS 2.58% · 85.9th percentile
Risk Scores
EPSS Score
2.58%
85.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | libzen | 0, 0.4.37-1, 0.4.37-1build1 |
| Ubuntu:Pro:14.04:LTS | libzen | 0, 0.4.29-1 |
| Ubuntu:18.04:LTS | libzen | 0, 0.4.36-1, 0.4.37-1 |
| Ubuntu:Pro:16.04:LTS | libzen | 0, 0.4.32-1ubuntu0.16.04.1, 0.4.29-1ubuntu2 |
Exploit Intelligence
Timeline
- Jan 7, 2023 CVE Published
- Jan 8, 2023 EPSS Score
- Feb 18, 2023 EPSS Score
- Mar 31, 2023 EPSS Score
- May 11, 2023 EPSS Score
- Jun 21, 2023 EPSS Score
- Aug 1, 2023 EPSS Score
- Oct 22, 2023 EPSS Score
- Dec 2, 2023 EPSS Score
- Jan 12, 2024 EPSS Score
- Feb 22, 2024 EPSS Score
- May 14, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36646 third-party-advisory
- https://github.com/MediaArea/ZenLib/pull/119 third-party-advisory
- https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 third-party-advisory
- https://github.com/MediaArea/ZenLib/releases/tag/v0.4.39 third-party-advisory
- https://vuldb.com/?ctiid.217629 third-party-advisory
- https://vuldb.com/?id.217629 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36646 third-party-advisory
- https://ubuntu.com/security/notices/USN-6048-1 vendor-advisory