CVE-2021-32436 — Out-of-bounds Read in Abcm2ps

CWE-125 — Out-of-bounds Read6 documents5 sources

Severity

6.5MEDIUMNVD

OSV9.8

EPSS

3.0%

top 13.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Abcm2ps Project Abcm2ps Debian Abcm2ps Debian Linux +1 more

Timeline

PublishedMar 10

Latest updateMar 16

Description

An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/abcm2ps< abcm2ps 8.14.13-1 (bookworm)

▶Debianabcm2ps_project/abcm2ps< 8.14.13-1+2

▶Ubuntuabcm2ps_project/abcm2ps< 7.8.9-1+deb9u1build0.18.04.1+3

▶NVDabcm2ps_project/abcm2ps8.14.11

Also affects: Debian Linux 9.0, Fedora 34, 35, 36

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

abcm2ps vulnerabilities↗2023-03-16

▶

GHSA

GHSA-5qvg-hqqx-46rj: An out-of-bounds read in the function write_title() in subs↗2022-03-11

▶

OSV

CVE-2021-32436: An out-of-bounds read in the function write_title() in subs↗2022-03-10

▶

📋Vendor Advisories

Ubuntu

abcm2ps vulnerabilities↗2023-03-16

▶

Debian

CVE-2021-32436: abcm2ps - An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.1...↗2021

▶