CVE-2021-3624

Опубликовано: 18 апр. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.

Ссылки

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761
Exploit
Issue Tracking
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dcraw_project:dcraw:9.28-2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00279

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20

CWE-190

Связанные уязвимости

CVE-2021-3624

CVSS3: 7.8

ubuntu

почти 4 года назад

There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.

CVE-2021-3624

CVSS3: 7.8

redhat

больше 4 лет назад

There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.

CVE-2021-3624

CVSS3: 7.8

debian

почти 4 года назад

There is an integer overflow vulnerability in dcraw. When the victim r ...

GHSA-rj98-5wmh-q944

CVSS3: 7.8

github

почти 4 года назад

There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.

BDU:2021-03491

CVSS3: 6.7

fstec

больше 4 лет назад

Уязвимость функции foveon_load_camf() raw‐конвертера dcraw, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 51%

0.00279

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20

CWE-190