{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "4.56.3"
              },
              {
                "introduced": "4.57.0"
              },
              {
                "fixed": "4.80.2"
              },
              {
                "introduced": "4.81.0"
              },
              {
                "fixed": "4.93.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "4.94.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "4.95.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "4.96.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "4.97.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "4.98.0"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1e8015b71d689f612ecf4995544a200d5c5617a3"
            },
            {
              "introduced": "ce87598e3c65a922a6e25c7119e2446f1fa6a4b6"
            },
            {
              "fixed": "79a132194e1b4c1d7cb374b7b8a2bb74f11d08bf"
            },
            {
              "introduced": "75407bf7bfdd694f18e2660c4e78aeeacb07b622"
            },
            {
              "fixed": "f1dfafe82316eb0cb9b4c430dc2949a18296fd1b"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "510a8a05894483f0f398f380df8587a03d52bf2d"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "f9a831b7130ca86233922048611e17bc2f074398"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "ee92877f806fc0cebacda739efa1388042df0946"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "99d4cfd6e82cea13306d4897d5da6076c943f975"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "4cd5c1d9e75effa0dd1dd8a53dfd47c62111f956"
            },
            {
              "fixed": "08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "repo": "https://github.com/facebook/hhvm",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "xbuf_format_converter, used as part of exif_read_data, appended a terminating null character to the generated string without going through its standard append-character function. As a result, if the buffer was already full, the terminator was written out of bounds. This issue affects HHVM versions prior to 4.56.3, all versions from 4.57.0 through 4.80.1, all versions from 4.81.0 through 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, and 4.98.0.",
  "id": "CVE-2020-1917",
  "modified": "2026-03-13T21:50:04.954282050Z",
  "published": "2021-03-10T16:15:14.313Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
    },
    {
      "type": "FIX",
      "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}