UBUNTU-CVE-2020-36646

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-36646

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-36646.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-36646

Related

Published

2023-01-07T20:15:00Z

Modified

2025-05-26T16:41:17Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::DateFromSeconds1970Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The identifier of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.

References

Affected packages

Ubuntu:Pro:14.04:LTS / libzen

Package

Name: libzen
Purl: pkg:deb/ubuntu/libzen@0.4.29-1ubuntu0.1~esm1?arch=source&distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.29-1ubuntu0.1~esm1

Affected versions

0.*

0.4.29-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.4.29-1ubuntu0.1~esm1",
            "binary_name": "libzen-dev"
        },
        {
            "binary_version": "0.4.29-1ubuntu0.1~esm1",
            "binary_name": "libzen-doc"
        },
        {
            "binary_version": "0.4.29-1ubuntu0.1~esm1",
            "binary_name": "libzen0"
        },
        {
            "binary_version": "0.4.29-1ubuntu0.1~esm1",
            "binary_name": "libzen0-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / libzen

Package

Name: libzen
Purl: pkg:deb/ubuntu/libzen@0.4.32-1ubuntu0.16.04.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.32-1ubuntu0.16.04.1+esm1

Affected versions

0.*

0.4.29-1ubuntu2

0.4.32-1

0.4.32-1ubuntu0.16.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.4.32-1ubuntu0.16.04.1+esm1",
            "binary_name": "libzen-dev"
        },
        {
            "binary_version": "0.4.32-1ubuntu0.16.04.1+esm1",
            "binary_name": "libzen-doc"
        },
        {
            "binary_version": "0.4.32-1ubuntu0.16.04.1+esm1",
            "binary_name": "libzen0v5"
        },
        {
            "binary_version": "0.4.32-1ubuntu0.16.04.1+esm1",
            "binary_name": "libzen0v5-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / libzen

Package

Name: libzen
Purl: pkg:deb/ubuntu/libzen@0.4.37-1ubuntu0.18.04.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.37-1ubuntu0.18.04.1

Affected versions

0.*

0.4.36-1

0.4.37-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.4.37-1ubuntu0.18.04.1",
            "binary_name": "libzen-dev"
        },
        {
            "binary_version": "0.4.37-1ubuntu0.18.04.1",
            "binary_name": "libzen-doc"
        },
        {
            "binary_version": "0.4.37-1ubuntu0.18.04.1",
            "binary_name": "libzen0v5"
        },
        {
            "binary_version": "0.4.37-1ubuntu0.18.04.1",
            "binary_name": "libzen0v5-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / libzen

Package

Name: libzen
Purl: pkg:deb/ubuntu/libzen@0.4.37-1ubuntu0.20.04.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.37-1ubuntu0.20.04.1

Affected versions

0.*

0.4.37-1

0.4.37-1build1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.4.37-1ubuntu0.20.04.1",
            "binary_name": "libzen-dev"
        },
        {
            "binary_version": "0.4.37-1ubuntu0.20.04.1",
            "binary_name": "libzen-doc"
        },
        {
            "binary_version": "0.4.37-1ubuntu0.20.04.1",
            "binary_name": "libzen0v5"
        },
        {
            "binary_version": "0.4.37-1ubuntu0.20.04.1",
            "binary_name": "libzen0v5-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / libzen

Package

Name: libzen
Purl: pkg:deb/ubuntu/libzen@0.4.39-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.39-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.4.39-1",
            "binary_name": "libzen-dev"
        },
        {
            "binary_version": "0.4.39-1",
            "binary_name": "libzen-doc"
        },
        {
            "binary_version": "0.4.39-1",
            "binary_name": "libzen0v5"
        },
        {
            "binary_version": "0.4.39-1",
            "binary_name": "libzen0v5-dbgsym"
        }
    ]
}