CVE-2021-32614

Name of the Vulnerable Software and Affected Versions dmg2img versions through 20170502

Description A flaw was found in the fill mishblk() function, which does not check the length of the read buffer and copies 0xCC bytes from it. The length of the buffer is controlled by an attacker, allowing for a potential memory layout information leak by providing a length smaller than 0xCC, causing memcpy to reach out of the malloc'ed bound. This could be used in a chain of vulnerabilities to reach code execution. The exploitation of this flaw may allow a remote attacker to access confidential data and cause a denial of service.

Recommendations For versions through 20170502, consider disabling the fill mishblk() function until a patch is available to prevent potential memory layout information leaks and code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.