CVE-2021-21798

HIGH Year: 2021
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-562
View all →

Vulnerability Description

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.

Related Vulnerabilities

CVE-2022-41837

CRITICAL
CVSS:9.8(Critical)

An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based...

CWE-5622022

CVE-2024-33045

HIGH
CVSS:7.8(High)

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

CWE-5622024

CVE-2022-41837

CRITICAL
CVSS:9.8(Critical)

An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based...

CWE-5622022

CVE-2024-33045

HIGH
CVSS:7.8(High)

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

CWE-5622024

CVE-2020-21686

MEDIUM
CVSS:5.5(Medium)

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.

CWE-5622020