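libmysofa before 2019-11-24 does not properly restrict recursive function calls (uncontrolled recursion), as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue. This implies that a copy of v0.9 obtained before that date may still be affected, so the version string alone does not establish whether a given v0.9 tree contains the fix.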
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "source": "https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f", "target": { "file": "src/hdf/fractalhead.c", "function": "directblockRead" }, "signature_version": "v1", "digest": { "function_hash": "22426894383875682064064341448174269836", "length": 4271.0 }, "id": "CVE-2019-20016-1a562a31" }, { "deprecated": false, "signature_type": "Function", "source": "https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f", "target": { "file": "src/hrtf/reader.c", "function": "mysofa_load" }, "signature_version": "v1", "digest": { "function_hash": "220409858334768758030964991236568024685", "length": 661.0 }, "id": "CVE-2019-20016-396952ad" }, { "deprecated": false, "signature_type": "Line", "source": "https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f", "target": { "file": "src/hdf/reader.h" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "126920402152793972054346189018412031597", "192349277455691798649695065491058276126", "240342474809492929687205401559339442194", "110450927489098810108528014416881043090" ] }, "id": "CVE-2019-20016-64116101" }, { "deprecated": false, "signature_type": "Line", "source": "https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f", "target": { "file": "src/hrtf/reader.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "218483871317559296276866678091979471851", "59116885264007309288058354283826321541", "325474360844867093402785901074817917631", "301834355421996408333369801449968838938" ] }, "id": "CVE-2019-20016-9180eedd" }, { "deprecated": false, "signature_type": "Line", "source": "https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f", "target": { "file": "src/hdf/fractalhead.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ 
"309421920668530166875275141915823296016", "108586805816705787476392180996387578299", "92938964960654865207554545102813539782", "190014348197550664022981370389235665492", "195270836730953688632176371217196646522", "86500040936225443048492081479754717538", "295942992743340884871023245474831205552", "222147066808922266623752909979925333999", "99210129838139037229072738950565222511", "200078829488792878604784776002487678681", "54120965833940361139325454686524056353" ] }, "id": "CVE-2019-20016-96bcfeef" } ] }