The two vulnerabilities are tracked as CVE-2020-1425 and CVE-2020-1457, the first one being rated as critical while the second received an important severity rating. In both cases,
the remote code execution issue is caused by the way that Microsoft Windows Codecs Library handles objects in memory. After successfully exploiting CVE-2020-1425, attackers "could obtain information to further compromise the user’s system," while successful
exploitation of CVE-2020-1457 could lead to arbitrary code execution on vulnerable systems.
Learn more >