CVE-2021-21825

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xmill version 0.7

Description The issue is related to a heap-based buffer overflow error in the PlainTextUncompressor::UncompressItem function when handling XML files. This can be exploited by a remote attacker to execute arbitrary code by providing a specially crafted XMI file.

Recommendations For Xmill version 0.7, consider disabling the PlainTextUncompressor::UncompressItem function until a patch is available to prevent potential exploitation. Restrict access to handling XML files to minimize the risk of remote code execution.

Exploit

Fix

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

BDU:2023-03269

CVE-2021-21825

Affected Products

Xmill

CVE-2021-21825

Weakness Enumeration

Related Identifiers

Affected Products

References · 13