CVE-2021-32614
PUBLISHED
A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer and copies 0xCC bytes from it. The length of the buffer is controlled by an attacker. When the attacker provides a length smaller than 0xCC, memcpy reads beyond the bounds of the malloc'ed buffer. This possibly leads to memory layout information leaking into the data. This might be used in a chain of vulnerabilities in order to reach code execution.
Risk Scores
EPSS Score: 0.29% · 52.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | dmg2img | 0, 1.6.7-1build1 |
| Ubuntu:22.04:LTS | dmg2img | 1.6.7-1build1, 1.6.7-1build2, 0 |
| Ubuntu:18.04:LTS | dmg2img | 1.6.7-1build1, 0, 1.6.5-1.1 |
| Ubuntu:25.10 | dmg2img | 0, *, 1.6.7-1build4 |
| Ubuntu:24.04:LTS | dmg2img | 0, 1.6.7-1build3, 1.6.7-1build2 |
| Ubuntu:16.04:LTS | dmg2img | 1.6.5-1, 0 |
Timeline
- May 26, 2021 CVE Published
- May 27, 2021 EPSS Score
- Jul 29, 2021 EPSS Score
- Sep 28, 2021 EPSS Score
- Nov 29, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 31, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 31, 2022 EPSS Score
- Aug 2, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Dec 2, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32614 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32614 third-party-advisory