CVE-2021-32436

Description

An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.

Related CPE's

aabcm2ps_projectabcm2ps8.14.11*******

ofedoraprojectfedora34*******

ofedoraprojectfedora35*******

ofedoraprojectfedora36*******

odebiandebian_linux9.0*******

References

https://github.com/leesavide/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3

PatchThird Party Advisory

https://github.com/leesavide/abcm2ps/issues/85

ExploitIssue TrackingPatchThird Party Advisory

FEDORA-2022-6b46927596

Mailing ListThird Party Advisory

FEDORA-2022-68d22975a4

Mailing ListThird Party Advisory

FEDORA-2022-93025de981

Issue TrackingThird Party Advisory

[debian-lts-announce] 20220417 [SECURITY] [DLA 2983-1] abcm2ps security update

Third Party Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

6.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Version

3.1

UserInteraction

REQUIRED

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

4.3

VectorString

AV:N/AC:M/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io