A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value with an unknown input leads to a unchecked return value to null pointer dereference vulnerability. CWE is classifying the issue as CWE-690. The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. This is going to have an impact on availability.

The weakness was shared 01/07/2023 as 119. The advisory is shared at github.com. This vulnerability is uniquely identified as CVE-2020-36646. Technical details are known, but no exploit is available.

Upgrading to version 0.4.39 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. The advisory contains the following remark:

fix V522 [CWE-690] There might be dereferencing of a potential null pointer 'Gmt'.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• MediaArea

Name

• ZenLib

Version

• 0.4.0
• 0.4.1
• 0.4.2
• 0.4.3
• 0.4.4
• 0.4.5
• 0.4.6
• 0.4.7
• 0.4.8
• 0.4.9
• 0.4.10
• 0.4.11
• 0.4.12
• 0.4.13
• 0.4.14
• 0.4.15
• 0.4.16
• 0.4.17
• 0.4.18
• 0.4.19
• 0.4.20
• 0.4.21
• 0.4.22
• 0.4.23
• 0.4.24
• 0.4.25
• 0.4.26
• 0.4.27
• 0.4.28
• 0.4.29
• 0.4.30
• 0.4.31
• 0.4.32
• 0.4.33
• 0.4.34
• 0.4.35
• 0.4.36
• 0.4.37
• 0.4.38

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion