How severe is CVE-2021-34333?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-34333?

This is classified as CWE-415, which is a common weakness in software security.

CVE-2021-34333 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295)

Related Vulnerabilities

CVE-2014-9807

MEDIUM

CVSS:5.5(Medium)

The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.

CWE-4152014

CVE-2015-5203

MEDIUM

CVSS:5.5(Medium)

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

CWE-4152015

CVE-2015-8894

MEDIUM

CVSS:5.5(Medium)

Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.

CWE-4152015

CVE-2017-15330

MEDIUM

CVSS:5.5(Medium)

The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malici...

CWE-4152017

CVE-2017-15364

MEDIUM

CVSS:5.5(Medium)

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. ...

CWE-4152017

CVE-2017-6353

MEDIUM

CVSS:5.5(Medium)

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (inval...

CWE-4152017