alpine · CVE-2021-3548

Quick triage

Priority: high Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2021-3548: 1 source package rows (dmg2img); 5 state rows across 5 repos (3.19-community, 3.20-community, 3.22-community, 3.23-community, edge-community); fixed 0, open 5.

Description:

A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.

cvelogic Threat Intelligence