VDB
CVE-2021-38714
CVE-2021-38714
PUBLISHED
CVSS 8.800000190734863 HIGH
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.
EPSS 0.11% · 28.6th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.11%
28.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| plib_project | plib | 0 |
| fedoraproject | extra_packages_for_enterprise_linux | 7.0 |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 36, 34, 37 |
Timeline
- Aug 24, 2021 CVE Published
- Aug 25, 2021 EPSS Score
- Oct 11, 2021 EPSS Score
- Oct 22, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 15, 2022 EPSS Score
- Jun 12, 2022 EPSS Score
- Aug 10, 2022 EPSS Score
- Dec 5, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://sourceforge.net/p/plib/bugs/55/ url
- [debian-lts-announce] 20211002 [SECURITY] [DLA 2775-1] plib security update mailing-list
- FEDORA-2022-1cf3c9578f vendor-advisory
- FEDORA-2022-bcc0df5180 vendor-advisory
- FEDORA-2022-08022e9452 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-38714 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU url
- https://sourceforge.net/p/plib/bugs/55 url