CVE-2020-18651
Description
A buffer overflow in Exempi 2.5.0 and earlier via a crafted ID3v2 frame in audio files causes a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in Exempi 2.5.0 and earlier via a crafted ID3v2 frame in audio files causes a denial of service.
Vulnerability
A buffer overflow vulnerability exists in the ID3_Support::ID3v2Frame::getFrameValue function of Exempi, a library for parsing XMP metadata. The flaw affects Exempi version 2.5.0 and earlier [1]. It is triggered when the library processes a specially crafted audio file containing an ID3v2 frame with excessive data, which overruns the internal buffer [2].
Exploitation
An attacker can exploit this vulnerability by delivering a malicious audio file with a crafted ID3v2 frame to a user or application that utilizes Exempi to parse media metadata. Successful exploitation requires no authentication beyond the ability to cause the file to be opened and processed by the vulnerable library. The attacker does not need any special network position if the file is opened via local access or through an application that downloads and processes media [1].
Impact
Successful exploitation leads to a buffer overflow, resulting in memory corruption and a crash of the application using Exempi. This constitutes a denial of service (DoS) condition. The vulnerability does not appear to provide code execution or information disclosure based on the available references [1][2].
Mitigation
The vendor fixed this issue in a commit referenced as fdd4765a699f9700850098b43b9798b933acb32f [2]. Users should update Exempi to a version that includes this fix. No CVE in KEV has been reported as of the publication date. No alternative workaround is detailed in the available sources.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11- exempi/exempidescription
- osv-coords9 versionspkg:rpm/almalinux/exempipkg:rpm/almalinux/exempi-develpkg:rpm/opensuse/exempi&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/exempi&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/exempi&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/exempi&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/exempi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/exempi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/exempi&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 2.4.5-4.el8+ 8 more
- (no CPE)range: < 2.4.5-4.el8
- (no CPE)range: < 2.4.5-4.el8
- (no CPE)range: < 2.4.5-150000.3.9.1
- (no CPE)range: < 2.4.5-150000.3.9.1
- (no CPE)range: < 2.4.5-150000.3.9.1
- (no CPE)range: < 2.4.5-150000.3.9.1
- (no CPE)range: < 2.2.1-5.10.1
- (no CPE)range: < 2.2.1-5.10.1
- (no CPE)range: < 2.2.1-5.10.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3News mentions
0No linked articles in our index yet.