CVE-2020-1574 MEDIUM

CVE-2020-1574: Microsoft Windows Codecs Library Remote Code Execution Vulnerability

Vendor Microsoft
Product Windows 10 Version 2004
Published August 17, 2020
Last update May 29, 2026

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

What the vulnerability does

01Description

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.

Key dates

02Disclosure timeline

August 17, 2020 CVE published
May 29, 2026 Record updated