PT-2021-16646 · Unknown · Libswmfextractor.So

Published

2021-09-09

Updated

2021-09-22

CVE-2021-25456

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: libswmfextractor.so library prior to SMR Sep-2021 Release 1

Description: The issue is related to an out-of-bounds (OOB) read vulnerability in the libswmfextractor.so library. This vulnerability allows attackers to execute memcpy at an arbitrary address via a forged wmf file.

Recommendations: For versions prior to SMR Sep-2021 Release 1, update to SMR Sep-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the libswmfextractor.so library until a patch is available. Avoid using forged wmf files with the affected library to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2021-25456

Affected Products

Libswmfextractor.So

PT-2021-16646 · Unknown · Libswmfextractor.So

CVE-2021-25456

Weakness Enumeration

Related Identifiers

Affected Products

References · 5