VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 22, 2023· Updated Oct 4, 2024

CVE-2020-18652

CVE-2020-18652

Description

Buffer overflow in exempi <=2.5.0 allows remote DoS via crafted WebP file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in exempi <=2.5.0 allows remote DoS via crafted WebP file.

Vulnerability

A buffer overflow vulnerability exists in the WEBP_Support.cpp file of exempi version 2.5.0 and earlier. An attacker can trigger the overflow by opening a crafted WebP file, leading to a denial of service.

Exploitation

An attacker must craft a malicious WebP file and convince a user to open it with an application using exempi. No authentication is required, and the attack can be performed remotely.

Impact

Successful exploitation causes a denial of service, potentially crashing the application.

Mitigation

As of the publication date, no fix is publicly disclosed. The issue is tracked in the exempi repository [1] and a commit reference exists [2], but details are not available. Users should monitor for updates.

References
  1. gitlab.freedesktop.org/libopenraw/exempi/issues/12
  2. gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3

News mentions

0

No linked articles in our index yet.