CVE-2020-18775: 
NixOS vulnerability analysis and mitigation

CVE-2020-18775 is a heap-based buffer over-read vulnerability discovered in Libav version 12.3. The vulnerability specifically affects the vc1decodebmbintfi function in vc1_block.c file. This security flaw was assigned on August 13, 2020 (CVE Details).

The vulnerability is classified as a heap-based buffer over-read (CWE-125) that occurs in the vc1decodebmbintfi function within vc1_block.c. It has been assigned a CVSS v3.1 base score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating that it requires user interaction but can be exploited remotely without authentication (NVD).

When successfully exploited, this vulnerability allows an attacker to cause a denial-of-service condition through a specially crafted file. The impact is primarily on the availability of the system, as indicated by the CVSS metrics showing high impact on availability (A:H) but no impact on confidentiality (C:N) or integrity (I:N) (NVD).

As of the available information, there is no official patch released for this vulnerability. The issue affects Libav version 12.3, and users should monitor for updates from the Libav project (Debian Tracker).