CVE-2021-38714

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

CVSS v3 8.8 HIGH
CVSS v2.0 9.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/
https://sourceforge.net/p/plib/bugs/55/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:plib_project:plib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

History

07 Nov 2023, 03:37

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/', 'name': 'FEDORA-2022-08022e9452', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/', 'name': 'FEDORA-2022-bcc0df5180', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/', 'name': 'FEDORA-2022-1cf3c9578f', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/ -

02 Sep 2022, 15:33

Type	Values Removed	Values Added
First Time		Fedoraproject Fedoraproject extra Packages For Enterprise Linux Fedoraproject fedora
CPE		cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:fedoraproject:fedora:37:::::::*
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/ - Mailing List, Patch, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/ - Mailing List, Patch, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/ - Mailing List, Third Party Advisory

25 May 2022, 03:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/ -

16 Dec 2021, 20:35

Type	Values Removed	Values Added
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html - Mailing List, Third Party Advisory
CPE		cpe:2.3:o:debian:debian_linux:9.0:::::::*

02 Oct 2021, 14:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html -

31 Aug 2021, 02:07

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 9.3 v3 : 8.8
References	~~(MISC) https://sourceforge.net/p/plib/bugs/55/ -~~	(MISC) https://sourceforge.net/p/plib/bugs/55/ - Exploit, Third Party Advisory
CWE		CWE-190
CPE		cpe:2.3:a:plib_project:plib::::::::

24 Aug 2021, 15:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-08-24 14:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-38714

Mitre link : CVE-2021-38714

CVE.ORG link : CVE-2021-38714

JSON object : View

Products Affected

debian

debian_linux

plib_project

plib

fedoraproject

extra_packages_for_enterprise_linux
fedora

CWE

CWE-190

Integer Overflow or Wraparound

8.8 /10