CVE-2021-45465

HIGH Year: 2021
CVSS v3 Score
7.8
High
Weakness Type
CWE-123
View all →

Vulnerability Description

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696)

Related Vulnerabilities

CVE-2017-6282

HIGH
CVSS:7.8(High)

NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This ...

CWE-1232017

CVE-2018-16962

HIGH
CVSS:7.8(High)

Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.

CWE-1232018

CVE-2020-16225

HIGH
CVSS:7.8(High)

Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allo...

CWE-1232020

CVE-2024-20741

HIGH
CVSS:7.8(High)

Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati...

CWE-1232024

CVE-2024-45142

HIGH
CVSS:7.8(High)

Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. Th...

CWE-1232024

CVE-2024-2607

HIGH
CVSS:8.1(High)

Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnera...

CWE-1232024