PT-2021-16645 · Unknown · Libsaviextractor.So

Published

2021-09-09

Updated

2021-09-23

CVE-2021-25455

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: libsaviextractor.so library prior to SMR Sep-2021 Release 1

Description: The issue allows attackers to access arbitrary addresses through a pointer via a forged avi file, exploiting an out-of-bounds (OOB) read vulnerability in the libsaviextractor.so library.

Recommendations: For versions prior to SMR Sep-2021 Release 1, update to the SMR Sep-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the libsaviextractor.so library until a patch is available. Avoid using the library to process untrusted avi files until the issue is resolved.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2021-25455

Affected Products

Libsaviextractor.So

PT-2021-16645 · Unknown · Libsaviextractor.So

CVE-2021-25455

Weakness Enumeration

Related Identifiers

Affected Products

References · 5