← back
CVE-2021-3548

CVE-2021-3548

EPSS 0.9%CWE-125
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.
Affected products
n/a · dmg2img