CVE-2021-45943

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-45943
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993 Exploit Issue Tracking Mailing List Patch Third Party Advisory
https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e Patch Third Party Advisory
https://github.com/OSGeo/gdal/pull/4944 Exploit Patch Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/
https://security.gentoo.org/glsa/202210-15 Third Party Advisory
https://www.debian.org/security/2022/dsa-5239 Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_and_graph:21c:*:*:*:*:*:*:*
History

07 Nov 2023, 03:39

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/', 'name': 'FEDORA-2022-cffca5dbf4', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/', 'name': 'FEDORA-2022-e85e37206b', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/ -

04 Nov 2022, 15:49

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202210-15 - (GENTOO) https://security.gentoo.org/glsa/202210-15 - Third Party Advisory

31 Oct 2022, 04:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202210-15 -

27 Oct 2022, 17:29

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html - Mailing List, Third Party Advisory

01 Oct 2022, 01:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html -

28 Sep 2022, 19:54

Type Values Removed Values Added
First Time Oracle
Oracle spatial And Graph
CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_and_graph:21c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:*
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5239 - (DEBIAN) https://www.debian.org/security/2022/dsa-5239 - Third Party Advisory

28 Sep 2022, 04:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5239 -

25 Jul 2022, 18:18

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

05 Jun 2022, 03:38

Type Values Removed Values Added
First Time Fedoraproject
Fedoraproject fedora
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/ - Mailing List, Third Party Advisory

06 Apr 2022, 21:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/ -

05 Apr 2022, 18:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/ -

01 Apr 2022, 15:23

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html - Mailing List, Third Party Advisory
First Time Debian
Debian debian Linux
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

12 Jan 2022, 14:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html -

11 Jan 2022, 18:06

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown 		v2 : 4.3
v3 : 5.5
References (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993 - (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993 - Exploit, Issue Tracking, Mailing List, Patch, Third Party Advisory
References (MISC) https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e - (MISC) https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e - Patch, Third Party Advisory
References (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml - (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml - Third Party Advisory
References (MISC) https://github.com/OSGeo/gdal/pull/4944 - (MISC) https://github.com/OSGeo/gdal/pull/4944 - Exploit, Patch, Third Party Advisory
CPE cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
First Time Osgeo
Osgeo gdal

01 Jan 2022, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-01-01 01:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-45943

Mitre link : CVE-2021-45943

CVE.ORG link : CVE-2021-45943

JSON object : View

Products Affected

oracle

  • spatial_and_graph

debian

  • debian_linux

osgeo

  • gdal

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write