VDB
CVE-2021-3548
CVE-2021-3548
PUBLISHED
A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.
EPSS 0.29% · 52.4th percentile
Risk Scores
EPSS Score
0.29%
52.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | dmg2img | 1.6.7-1build1, 1.6.7-1, 1.6.5-1.1 |
| Ubuntu:20.04:LTS | dmg2img | 0, 1.6.7-1build1 |
| Ubuntu:22.04:LTS | dmg2img | 0, 1.6.7-1build1, 1.6.7-1build2 |
| Ubuntu:16.04:LTS | dmg2img | 0, 1.6.5-1 |
| Ubuntu:25.10 | dmg2img | 1.6.7-1build4, *, 0 |
| Ubuntu:24.04:LTS | dmg2img | 1.6.7-1build2, 0, 1.6.7-1build3 |
Exploit Intelligence
Timeline
- May 26, 2021 CVE Published
- May 27, 2021 EPSS Score
- Jul 29, 2021 EPSS Score
- Sep 28, 2021 EPSS Score
- Nov 29, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 31, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 31, 2022 EPSS Score
- Aug 2, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Dec 2, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-3548 third-party-advisory
- https://github.com/Lekensteyn/dmg2img/issues/9 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3548 third-party-advisory