CVE-2021-32435 — Out-of-bounds Write in Abcm2ps

CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

5.5MEDIUMNVD

OSV9.8

EPSS

0.7%

top 27.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Abcm2ps Project Abcm2ps Debian Abcm2ps Debian Linux +1 more

Timeline

PublishedMar 10

Latest updateMar 16

Description

Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/abcm2ps< abcm2ps 8.14.13-1 (bookworm)

▶Debianabcm2ps_project/abcm2ps< 8.14.13-1+2

▶Ubuntuabcm2ps_project/abcm2ps< 7.8.9-1+deb9u1build0.18.04.1+3

▶NVDabcm2ps_project/abcm2ps8.14.11

Also affects: Debian Linux 9.0, Fedora 34, 35, 36

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

abcm2ps vulnerabilities↗2023-03-16

▶

GHSA

GHSA-grv7-4qw2-wr4j: Stack-based buffer overflow in the function get_key in parse↗2022-03-11

▶

OSV

CVE-2021-32435: Stack-based buffer overflow in the function get_key in parse↗2022-03-10

▶

📋Vendor Advisories

Ubuntu

abcm2ps vulnerabilities↗2023-03-16

▶

Debian

CVE-2021-32435: abcm2ps - Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14....↗2021

▶