CVE-2020-28163

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-28163
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28163.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-28163
Downstream
Published
2023-04-16T00:15:07.313Z
Modified
2025-11-14T10:59:44.178374Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

libdwarf before 20201201 allows a dwarfprintlines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.

References

Affected packages

Git / github.com/davea42/libdwarf-code

Affected ranges

Type
GIT
Repo
https://github.com/davea42/libdwarf-code
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
faf99408e3f9f706fc3809dd400e831f989778d3

Affected versions

Other

20110113
20110605
20110607
20110612
20110908
20111009
20111030
20111214
20120410
20121127
20121130
20130125
20130126
20130207
20130729
20130729-b
20140131
20140208
20140413
20140519
20140805
20150112
20150115
20150310
20150507
20150913
20150915
20151114
20160116
20160507
20160613
20160923
20160929
20161001
20161021
20161124
20170416
20170709
20180129
20180527
20180723
20180724
20180809
20181024
20190104
20190110
20190505
20190529
20191002
20191104
20200114
20200703
20200719
20200825
20201020

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "libdwarf/dwarf_print_lines.c"
        },
        "id": "CVE-2020-28163-976241a1",
        "digest": {
            "line_hashes": [
                "39757867755508855599357251662335222116",
                "168951112543562491899277066726292992798",
                "282749259241874964783435342518303774442",
                "247520410751051133495361171056516653359",
                "37573795038650590326582531900254823284",
                "89882302238465354920796403998745351678",
                "320258111385262438712067207907612855477",
                "270060266717424680479238435082887104936",
                "56234802902634797532715352227486076350",
                "180734698050974572913711272259274696407",
                "299208918402968666624532640104675930875",
                "149765863945872408991286749430983362011",
                "251707489805777673602737468494118586220",
                "284852265747504771826593234395311001685",
                "304809923676317775812619857009629692149",
                "257909515931093135862381473343934113950",
                "118833851096584963664770641960795055885",
                "80937753395734395708350975742203564969",
                "144984083339472422166954944589954211454",
                "326284635693336990724578253846049749881",
                "153904064092893760894335827690011337719",
                "249802587826805570133149424778645598354",
                "262210705323390054945831344400663535631",
                "310255347027914265961468375045998337959",
                "175433042041504189880838674952566748862",
                "150717925571910808986304335313014192232",
                "317423604334724850395173424367912012356",
                "118521575644218329653000311284248244305",
                "313003284895685608786427651555553892324",
                "280127658401844091562709781285274171459",
                "142654945070655460597297272669297254512",
                "171182140575752066324821492696848989169",
                "64184199794284451342207949166099298049",
                "340203780278294658047030458262590661797",
                "88059403818349318472195521420983004637",
                "239850346390381346736220009121406555099",
                "255675919837080448196369202481480838638",
                "171333467627892540092864366869643122344",
                "43478898303630548076911399555667916339",
                "174463514788706407111058007316384356805",
                "172254557065384418970663454103061853064",
                "253588693128284294320059812977451388504",
                "242728758346978343233617785101748612559",
                "43304781673364482506341975369945023261",
                "124685864282425475514406302139453176700",
                "294747788820001279187669522312894233395",
                "45121080075641105588521253351472366578",
                "260744747964841710432945712028633345283",
                "47318856895832109971619423910315154630",
                "255288812484604073083617282984248873745",
                "138562776287116998913115934074133786317",
                "41081695094652157669529951672284972499",
                "198472625336059480935427038491101489672",
                "157172635554071928483490930476003042139",
                "192520742053873698972594400310509719744",
                "204527573905211408383109440688970079732",
                "290465023138791771487312943611054188458",
                "216571940776258148007721530831053419212"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "function": "print_just_file_entry_details",
            "file": "libdwarf/dwarf_print_lines.c"
        },
        "id": "CVE-2020-28163-a6d2f418",
        "digest": {
            "length": 1846.0,
            "function_hash": "248540983837255728850763059232230183248"
        },
        "deprecated": false
    }
]