CVE-2021-40391

CRITICAL Year: 2021
CVSS v3 Score
10.0
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-390
View all →

Vulnerability Description

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Related Vulnerabilities

CVE-2019-5051

HIGH
CVSS:8.8(High)

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution....

CWE-3902019

CVE-2019-5051

HIGH
CVSS:8.8(High)

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution....

CWE-3902019

CVE-2024-49841

HIGH
CVSS:7.8(High)

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

CWE-3902024

CVE-2024-27919

HIGH
CVSS:7.5(High)

Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does ...

CWE-3902024

CVE-2025-26465

MEDIUM
CVSS:6.8(Medium)

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs...

CWE-3902025

CVE-2025-25204

MEDIUM
CVSS:6.3(Medium)

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` c...

CWE-3902025