Integer Overflow to Buffer Overflow

CVE-2020-1895

High

7.8/10

Summary

A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-680 - Integer Overflow to Buffer Overflow

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

References

Advisory Timeline

Published Apr 09, 2020

Integer Overflow to Buffer Overflow

CVE-2020-1895

Summary

CWE-680 - Integer Overflow to Buffer Overflow

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS