CVE-2021-38714

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

Published: Aug 24, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-38714
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
plib_project / plib	-	1.8.5.x
debian / debian_linux	9.0	9.0.x
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x
fedoraproject / extra_packages_for_enterprise_linux	7.0	7.0.x
fedoraproject / fedora	37	37.x

https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/
https://lists.fedoraproject.org/archives/list/[email protected]/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/
https://lists.fedoraproject.org/archives/list/[email protected]/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU/
https://sourceforge.net/p/plib/bugs/55/

Vulnerability Database

289,599

CVE-2021-38714