7.1

CVE-2021-3548

EPSS 0.19%
Veröffentlicht 26.05.2021 21:15:08
Zuletzt bearbeitet 21.11.2024 06:21:48
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dmg2img Project ≫ Dmg2img Version <= 20170502

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.408

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://bugzilla.redhat.com/show_bug.cgi?id=1959585

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-3548

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3548

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3548

EUVD