7.8
CVE-2021-3407
- EPSS 1.42%
- Veröffentlicht 23.02.2021 23:15:14
- Zuletzt bearbeitet 21.11.2024 06:21:25
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginA flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
Fedoraproject ≫ Fedora Version34
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.42% | 0.8 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.