CVE-2020-3988

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Published: Sep 16, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3988
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:N/A:P

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
vmware / horizon_client	5.0.0	5.4.4
vmware / workstation_player	15.0.0	16.0.0
vmware / workstation_pro	15.0.0	16.0.0

https://www.vmware.com/security/advisories/VMSA-2020-0020.html

Vulnerability Database

289,599

CVE-2020-3988