PT-2021-7543 · Amazon · Amazon Kindle

Published

2021-09-01

Updated

2021-09-10

CVE-2021-30354

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Amazon Kindle e-reader versions prior to and including 5.13.4

Description The issue is caused by an Integer Overflow in the CJBig2Image::expand() function, leading to a Heap-Based Buffer Overflow. This results in memory corruption and allows for code execution when a crafted PDF book is parsed. The vulnerability can be exploited by an attacker to execute arbitrary code using a specially crafted PDF file.

Recommendations For Amazon Kindle e-reader versions prior to and including 5.13.4, update to a version later than 5.13.4 to resolve the issue. As a temporary workaround, consider avoiding the use of crafted PDF books until a patch is available.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-680CWE-190

Related Identifiers

BDU:2022-07435

CVE-2021-30354

Affected Products

Amazon Kindle

PT-2021-7543 · Amazon · Amazon Kindle

CVE-2021-30354

Weakness Enumeration

Related Identifiers

Affected Products

References · 6