CVE-2020-11521
- Source
- https://cve.org/CVERecord?id=CVE-2020-11521
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11521.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-11521
- Downstream
- Related
- Published
- 2020-05-15T17:15:11.733Z
- Modified
- 2026-02-18T01:26:32.832944Z
- Severity
-
- 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- https://github.com/FreeRDP/FreeRDP/commits/master
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
- https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html
- https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf
- https://usn.ubuntu.com/4379-1/
- https://usn.ubuntu.com/4382-1/
- https://github.com/FreeRDP/FreeRDP/commits/master
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html
- https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf
Affected packages
Git / gitlab.gnome.org/GNOME/libxml2
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.gnome.org/GNOME/libxml2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
EAZEL-NAUTILUS-MS-AUG07
FOR_GNOME_0_99_1
GNOME_0_30
GNUMERIC_FIRST_PUBLIC_RELEASE
LIBXML_0_99
LIBXML_1_5_0
LIBXML_1_8_5
LIBXML_1_8_6
LIB_XML_1_1
LIB_XML_1_3
LIB_XML_1_4
LIB_XML_1_6_1
LIB_XML_1_6_2
LIB_XML_1_7_0
LIB_XML_1_7_1
LIB_XML_1_7_3
LIB_XML_1_8_3
LIB_XML_1_X
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11521.json"
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 285.0,
"function_hash": "136658290638884125511041067234405160385"
},
"signature_type": "Function",
"id": "CVE-2020-11521-202937cc",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlParserInputBufferRead",
"file": "xmlIO.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"259452978766334378806252473043888211655",
"275858532467879679289029128345837869388",
"273858951471901440365955193437045286396",
"289623409539529981205467547044142553720",
"229861722633205817557437342200958850016",
"224067608287845126307816960403199549814",
"18324321196127540168026376908470364968",
"25636739357400368331731002168413490655",
"296446546796737854803983392614635981201"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2020-11521-20b20502",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"file": "parser.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 665.0,
"function_hash": "257332894418993375464227652279166231351"
},
"signature_type": "Function",
"id": "CVE-2020-11521-261986b3",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlAddPrevSibling",
"file": "tree.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"235080397879388409631658394402456862326",
"291738086430248651320817117239011952958",
"41142290511515282184633976480722071846",
"49412631760948276705925009967082893199",
"25603402098466455900389361701205990021",
"98114757384322021389605754669167325939",
"26089487987183836406658317991424259609",
"177517629065382035977739012598355305859",
"196315614745579292965625171314914377163",
"211763149621008958406917166805666672684",
"168145388224159796797661678364167538100",
"151246121736866585017549502213753431726",
"17717374720351654344325448156416320365",
"56901936614879178146719145326168196564",
"314194578215164810751972328073590413603",
"203347449317057842475505346809519048773",
"154435373400137391086356932168933893676",
"44945221942877274884099887384807287783",
"164095840519879161186409252740962143306",
"80716418640759016511486856284177505626",
"265096955041690471796344250780176393811",
"169139833840642264930267836305463325556",
"243950914175093836911660501500884314917",
"314739685227361687295538161938491160832",
"212641207764862725405642205574954279482",
"218164826824847456099366236298915813964",
"305095267380462991213402626761446305698",
"159434049807334809770483288044343119101",
"298863647468063246049360775363895767890",
"122582072427625201198105249463321734681",
"5765371700177624355155304821523319321",
"204709777545192769186606703746118783935",
"246464329548049939401531167680603415519",
"251204868618313246935910474167774983549",
"175836855751375989243874041119462954466",
"94097581169946117061577924669109050800",
"206064486623810765425052764924752712574",
"213509037124197751549875204659628104",
"187908942838906204575542237848264569776",
"232253448480343390778643249442727842689",
"192518216265409700744592629785499239422",
"167839916811063522470071460317425845973",
"171441448402521830497635984543749636723",
"149093471421510460752023951306974750770",
"26692538945920295184213465184754877392",
"180300866831770337278854425550057012804",
"121919798819130157550976477459877142383",
"54481170165287007679425875494436156768",
"54036561323468616381878713299629980089",
"21167072720574831304152366462964108642",
"308529070447063989356316115701722583762",
"185441486940598593649964318731839698667",
"336449689579977448548391791688465662455",
"33848892341221381828984260763894787265",
"24129434614401619138993142444984636639",
"232839442726479986263868591778101731801",
"163711666415332019756955647146443227510",
"296273933023049515612261688446201967448",
"73830908559027075100735482616207557678",
"54481170165287007679425875494436156768",
"158067519205364595827175486003193834198",
"66631111248645423716378693919844492125",
"249275732500324612885059978448347027781",
"42063315242683878194682958718786164468",
"80139078075556247189572928804849042541",
"285620090837611031613562140289179560794",
"339591681981374320337885365264511364738",
"219287764386754339174127076612793040396",
"273517870176237988651339181377563954931",
"161810182922030799248859403033522343748",
"251218147902970613674861255430252621787",
"256120598375089340428415778955169491714",
"60042905552297373951546525404635920004",
"71559805027386730149322402766175980303",
"275407330927129145075725125574667616037",
"336417300783965739007690011564633272753",
"113801470778042287454318842622687802936",
"327744241054892055355804074231041112845",
"183396822660289800769531513980135676947",
"199333478834170336341051024864801471700",
"53317176460741101947442433529058822662",
"104328277708523583261078392332459888596",
"249019632599659851128094632907550897637",
"84136809618311196626509963133345769134",
"183142364484115802536334827950335171817",
"242266216196601859726091257976156121209",
"221948537399488641322002307687352726126",
"256351594335181490681373482311845511997",
"297176211307990285161948256117971873121",
"173241655582432889943884536344133365285",
"174892370238735347784949543482778945515",
"263635509540683010137810303508871124542",
"66695664974612159598917679598131385230",
"187341275515676314535240064172353660673",
"184924286438960318443002428358394602624",
"256120598375089340428415778955169491714",
"60042905552297373951546525404635920004",
"81523447507512320196969116821820810770",
"35700406426370600860897263512600184613",
"25442147726063128935886864062607563020",
"122268169367753954205862351011617372613",
"251880331047805123555971425166525698748",
"133672347115718358157097477047984237832",
"203686955569755565468346104600337531649",
"262890621407975682573722394748291023934",
"38648878102759420228752326131572368064",
"109936807162093337345118798624253124198",
"84136809618311196626509963133345769134",
"183142364484115802536334827950335171817",
"184625654107041955438172122378875015594",
"174502465663593929346071751328882819626",
"180037370562821044362326985660176439444",
"183340777350050586768022691378240927500",
"133693925137998177676453219073672174162",
"241081661386931309029659708403463494204",
"331676781447889687450804594621189980967",
"189525002916241960466372723846585970940",
"107474978777360944796537623213689423770",
"117959247243484005416820661518571290648",
"320723726750150138888951353576720021099",
"208826743075852227438196581912277790541",
"262543479517671925977887351055726800776",
"197679117016086302798698865230540693405",
"201683339611265589963429571526994420534",
"274791758450434954026758838373053944348",
"97826966982746772878390344355531014932",
"126490583793525765943297299758935991440",
"69749631862483464484154260874732473066",
"164451772373511208969227410915053635679",
"3035451557025255433130161234191112774",
"155528499682435755530052503345786054366",
"14738189520257732917943150832611541022",
"135165862385605266193679627645374186931",
"321887376010615594525176659156551410913",
"62796356529145198399132515333801503223",
"90999097024706629512634551497600179020",
"311257438862409692374066029152331834648",
"19521286016847205935318302968084702426",
"147887873346374610552904617211560326583",
"102345915644597827304174497106791685161",
"85158087491913016551606045296621266494",
"323707321495547197554072865867950411789",
"237546216682092945590131062623395799280",
"196129309994516452129870523679202895670",
"54402552500761035669478791132309211899",
"82037688528170620850284060290501558094",
"245971498122644834104030832935449082350",
"298916148403814816188567397516431780684",
"176887350898041312489005305236561722691",
"25998714612581091504302548263146914612",
"110765201018389996575353758814720981152",
"322053656714462085362169538814080814962",
"21689816059264761148271142981429144207",
"177574581420785982175250717761157964992",
"101158841158697429809697155522651443172",
"310317545569472628921603578609870903983",
"252866204172819710511486464938139555502",
"335011349173225050594629410802320259181",
"248957324345614938017851010990923459151",
"200960298201676738467167049205414671288",
"222695042951390417822367738598571157402",
"93287700758115301842644511731957490296",
"22465782415004502064775005408739247729",
"251865565723220779819188912004590515700",
"186391383206567546782226752385234141636",
"37535850094526832688859060836638952633",
"17590477351364440445733022706265271475",
"202431066600231252362359558501215518414",
"253878662171528247328527523633529451088",
"315439425964937647870855800479383692787",
"219689943860331793503958932936538707208",
"53385627732296501273183637631498154846",
"177784248686506796449197187606511336942",
"73208218991966910630814666166388020168",
"176428753053022824511875365668808029959",
"232180687052200292217902756063675817374",
"126793483783468280399698738609748867631",
"33760182071741412989454629728680368221"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2020-11521-2edee264",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"file": "xmlIO.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 181.0,
"function_hash": "311278630300249633989894862485854030534"
},
"signature_type": "Function",
"id": "CVE-2020-11521-357e1a9c",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlParserInputBufferCreateFd",
"file": "xmlIO.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 560.0,
"function_hash": "107393731774587102882642773445045873652"
},
"signature_type": "Function",
"id": "CVE-2020-11521-5861f684",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlAllocParserInputBuffer",
"file": "xmlIO.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"158901893356690738728985106470115304871",
"317823244767138644807407670973848573847",
"275970976231826579088909646998933863594",
"147905029265883200506391197602458575176",
"91692298230005196773646637236401448520",
"245985565025950809021684729030352302560",
"280442849217571896866796044292662295065",
"315422917100578484183477277247095311132",
"102639903516715489091389696570839107917",
"135051083537698879511715806171212310531",
"143204797251416352058179162607785640310",
"213021240344649186445471803115471777208",
"337618253229116570069702793885571811536",
"98076423329138415312146429174407378512"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2020-11521-5c757281",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"file": "include/libxml/xmlIO.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1003.0,
"function_hash": "236765731640794812900402783721157965515"
},
"signature_type": "Function",
"id": "CVE-2020-11521-663162cd",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlParserInputGrow",
"file": "parser.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 554.0,
"function_hash": "152292430792481750773951635650867778902"
},
"signature_type": "Function",
"id": "CVE-2020-11521-77bc51f1",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlParserGetDirectory",
"file": "xmlIO.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 673.0,
"function_hash": "131466086180969435587830867008137980314"
},
"signature_type": "Function",
"id": "CVE-2020-11521-869cc9c8",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlAddNextSibling",
"file": "tree.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 568.0,
"function_hash": "326224459645550302133220462608086274916"
},
"signature_type": "Function",
"id": "CVE-2020-11521-8f7ac94e",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlFreeParserInputBuffer",
"file": "xmlIO.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"158901893356690738728985106470115304871",
"317823244767138644807407670973848573847",
"275970976231826579088909646998933863594",
"147905029265883200506391197602458575176",
"91692298230005196773646637236401448520",
"245985565025950809021684729030352302560",
"280442849217571896866796044292662295065",
"315422917100578484183477277247095311132",
"102639903516715489091389696570839107917",
"135051083537698879511715806171212310531",
"143204797251416352058179162607785640310",
"213021240344649186445471803115471777208",
"337618253229116570069702793885571811536",
"98076423329138415312146429174407378512"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2020-11521-a2d71791",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"file": "xmlIO.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 2016.0,
"function_hash": "185174550367944178683570355220707939883"
},
"signature_type": "Function",
"id": "CVE-2020-11521-bb5d8f4e",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlParserInputBufferCreateFilename",
"file": "xmlIO.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 187.0,
"function_hash": "39781369087632841529127184955052011337"
},
"signature_type": "Function",
"id": "CVE-2020-11521-e24f4c7e",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlParserInputBufferCreateFile",
"file": "xmlIO.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 2243.0,
"function_hash": "280497630413386613596738774662628784286"
},
"signature_type": "Function",
"id": "CVE-2020-11521-eed043ad",
"source": "https://gitlab.gnome.org/GNOME/libxml2@5d211f4c7a150e45a301cec55426a7ed7edb7f50",
"target": {
"function": "xmlParserInputBufferGrow",
"file": "xmlIO.c"
}
}
]