How severe is CVE-2021-40417?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-40417?

This is classified as CWE-680, which is a common weakness in software security.

CVE-2021-40417

CRITICAL Year: 2021

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-680

View all →

Vulnerability Description

When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application.

CVE-2018-8786

CRITICAL

CVSS:9.8(Critical)

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably eve...

CWE-6802018

CVE-2018-8787

CRITICAL

CVSS:9.8(Critical)

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a re...

CWE-6802018

CVE-2018-8794

CRITICAL

CVSS:9.8(Critical)

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even ...

CWE-6802018

CVE-2018-8795

CRITICAL

CVSS:9.8(Critical)

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably...

CWE-6802018

CVE-2020-13576

CRITICAL

CVSS:9.8(Critical)

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HT...

CWE-6802020