Buffer overflow in Facebook Hhvm

CVE-2020-1917

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-…

Vulnerability class: Buffer Overflow

EPSS: 0.007 (73.5th percentile) — read the EPSS interpretation.

Affected products

Facebook Hhvm — versions 4.98.1, 4.98.0, 4.97.1

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

hhvm.com/blog/2021/02/25/security-update.html (x_refsource_MISC)
github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca (x_refsource_MISC)