cbcvebase.
CVE-2021-38714
published 2021-08-24

CVE-2021-38714: In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA()…

PriorityP346high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
2.92%
85.3th percentile
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

Affected

12 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debianplib< plib 1.8.5-10 (bookworm)plib 1.8.5-10 (bookworm)
fedoraprojectextra_packages_for_enterprise_linux
fedoraprojectfedora
fedoraprojectfedora
fedoraprojectfedora
fedoraprojectfedora
plib_projectplib<= 1.8.5
plib_projectplib>= 0 < 1.8.5-8+deb11u11.8.5-8+deb11u1
plib_projectplib>= 0 < 1.8.5-101.8.5-10
plib_projectplib>= 0 < 1.8.5-101.8.5-10
plib_projectplib>= 0 < 1.8.5-101.8.5-10

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv8.8HIGH
vendor_debian8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.