CVE-2018-1000052

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1000052
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000052.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000052
Downstream
Published
2018-02-09T23:29:01.837Z
Modified
2025-11-20T10:44:30.231105Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying an invalid format specifier in the fmt::print() function results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed in after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7.

References

Affected packages

Git / github.com/fmtlib/fmt

Affected ranges

Type
GIT
Repo
https://github.com/fmtlib/fmt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8cf30aa2be256eba07bb1cefb998c52326e846e7

Affected versions

0.*
0.10.0
0.12.0
0.8.0
0.9.0
1.*
1.0.0
1.1.0
2.*
2.0.0
3.*
3.0.0
4.*
4.0.0
v0.*
v0.11.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000052.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "110591803394114351941914458806589760721",
                "287810283929934154825607901014832827640",
                "212250017826160587350969036080949245993",
                "127986707911165185366547703139121270059",
                "311532370314298645239276907197314443023",
                "293857183114200540885559026665483317773",
                "309151260092442257579592463455938576168",
                "307624301098919803971134373174490442590",
                "70364650391352051818610078987705462671",
                "252725868438599145184231759417438568108"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "fmt/format.h"
        },
        "source": "https://github.com/fmtlib/fmt/commit/8cf30aa2be256eba07bb1cefb998c52326e846e7",
        "id": "CVE-2018-1000052-03a3f6b0",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "digest": {
            "function_hash": "265989882403154873678894996918983833800",
            "length": 1762.0
        },
        "signature_type": "Function",
        "target": {
            "file": "fmt/format.h",
            "function": "prepare_int_buffer"
        },
        "source": "https://github.com/fmtlib/fmt/commit/8cf30aa2be256eba07bb1cefb998c52326e846e7",
        "id": "CVE-2018-1000052-5b6658cc",
        "signature_version": "v1"
    }
]