PT-2021-4273 · Dmg2Img+1

Anshunkang Zhou +1 · Published 2021-05-26 · Updated 2021-06-04 · CVE-2021-3548

CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

dmg2img versions through 20170502

Description

A flaw was found in dmg2img: it did not validate the size of the read buffer during memcpy() inside the main() function. This can leak memory layout information into the output data, which might be used as part of a vulnerability chain to reach code execution. Exploitation of this flaw could allow a remote attacker to access confidential data and cause a denial of service.

Recommendations

For versions through 20170502, as a temporary workaround, consider restricting the use of the main() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
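The flaw class in the description (a memcpy() whose source range is never checked against the bytes actually read) is shown below next to a bounds-checked form. This is an added illustration, not dmg2img source code; the function names, the `off`/`len` fields and the sample buffer are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked form of the flaw class: `off` and `len` come from the file and
 * are trusted, so memcpy can read past the bytes actually held in `buf`. */
void copy_field_unchecked(uint8_t *dst, const uint8_t *buf,
                          uint64_t off, uint64_t len)
{
    memcpy(dst, buf + off, (size_t)len);
}

/* Hardened form (hypothetical helper, not dmg2img code). `have` is the number
 * of bytes really read into `buf`. Returns 0 on success, -1 on rejection. */
int copy_field_checked(uint8_t *dst, size_t dst_cap,
                       const uint8_t *buf, size_t have,
                       uint64_t off, uint64_t len)
{
    if (dst == NULL || buf == NULL)
        return -1;
    /* Never compute off + len: it can wrap. Compare against the remainder. */
    if (off > have || len > have - off)
        return -1;                      /* source range exceeds bytes read */
    if (len > dst_cap)
        return -1;                      /* destination too small */
    memcpy(dst, buf + (size_t)off, (size_t)len);
    return 0;
}

/* Constructed 16-byte "read buffer" standing in for data read from an image. */
static const uint8_t sample[16] = { 0, 1, 2, 3, 4, 5, 6, 7,
                                    8, 9, 10, 11, 12, 13, 14, 15 };

/* Try one (off, len) claim against the sample with an 8-byte destination. */
int try_copy(uint64_t off, uint64_t len)
{
    uint8_t out[8];
    return copy_field_checked(out, sizeof out, sample, sizeof sample, off, len);
}

int main(void)
{
    printf("in range: %d\n", try_copy(8, 8));
    printf("past end: %d\n", try_copy(12, 8));
    printf("wrapping: %d\n", try_copy(4, UINT64_MAX));
    return 0;
}
```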

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2021-04881
CVE-2021-3548

Affected Products

Debian
Dmg2Img