VDB
GCVE-110-MAGEIA-2021-167
GCVE-110-MAGEIA-2021-167
Advisory Published
This update from 4.16.1.2 to 4.16.1.3 fixes bugs several bugs the RPM
package manager, including several security issues:
* Fix arbitrary data copied from signature header past signature checking
(CVE-2021-3421)
* Fix signature check bypass with corrupted package (CVE-2021-20271)
* Fix missing bounds checks in headerImport() and headerCheck()
(CVE-2021-20266)
* Fix missing sanity checks on header entry count and region data overlap
* Fix access past end of header if the last entry is string type
* Fix unsafe headerCopyLoad() still used in codebase
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | rawtherapee | 0 (affected), 5.8-3.1.mga8 (unaffected) | — |
| Mageia | rpm | 0 (affected), 4.16.1.3-1.mga8 (unaffected), 0 (affected), 4.16.1.3-1.mga8 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.