CVE-2021-38714

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

CVSS v3 8.8 HIGH
CVSS v2.0 9.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/
https://sourceforge.net/p/plib/bugs/55/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:plib_project:plib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

History

02 Sep 2022, 15:33

Type	Values Removed	Values Added
CPE		cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:o:fedoraproject:fedora:37:::::::* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:::::::* cpe:2.3:o:fedoraproject:fedora:34:::::::*
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/ - Mailing List, Patch, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/ - Mailing List, Patch, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/ - Mailing List, Third Party Advisory

25 May 2022, 03:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/ -

16 Dec 2021, 20:35

Type	Values Removed	Values Added
CPE		cpe:2.3:o:debian:debian_linux:9.0:::::::*
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html - Mailing List, Third Party Advisory

02 Oct 2021, 14:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html -

31 Aug 2021, 02:07

Type	Values Removed	Values Added
CWE		CWE-190
CPE		cpe:2.3:a:plib_project:plib::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 9.3 v3 : 8.8
References	~~(MISC) https://sourceforge.net/p/plib/bugs/55/ -~~	(MISC) https://sourceforge.net/p/plib/bugs/55/ - Exploit, Third Party Advisory

24 Aug 2021, 15:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-08-24 14:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-38714

Mitre link : CVE-2021-38714

CVE.ORG link : CVE-2021-38714

JSON object : View

Products Affected

fedoraproject

extra_packages_for_enterprise_linux
fedora

plib_project

plib

debian

debian_linux

CWE

CWE-190

Integer Overflow or Wraparound

8.8 /10