Search
Total
171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34881 | 1 Bentley | 2 Bentley View, Microstation | 2022-01-14 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14834. | |||||
| CVE-2021-34882 | 1 Bentley | 2 Bentley View, Microstation | 2022-01-14 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14835. | |||||
| CVE-2021-34883 | 1 Bentley | 2 Bentley View, Microstation | 2022-01-14 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14836. | |||||
| CVE-2021-44697 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2021-12-23 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file. | |||||
| CVE-2021-44698 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2021-12-23 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file. | |||||
| CVE-2021-44699 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2021-12-23 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file. | |||||
| CVE-2021-44182 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-12-22 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file. | |||||
| CVE-2021-44183 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-12-22 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | |||||
| CVE-2021-43763 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-12-22 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | |||||
| CVE-2021-44436 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905) | |||||
| CVE-2021-44448 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051) | |||||
| CVE-2021-44431 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841) | |||||
| CVE-2021-43273 | 1 Opendesign | 1 Drawings Sdk | 2021-11-30 | 4.3 MEDIUM | 3.3 LOW |
| An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-41533 | 1 Siemens | 5 Nx 1984, Nx 1984 Firmware, Nx 1988 and 2 more | 2021-11-28 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565). | |||||
| CVE-2021-41534 | 1 Siemens | 5 Nx 1984, Nx 1984 Firmware, Nx 1988 and 2 more | 2021-11-28 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703). | |||||
| CVE-2021-42525 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-11-19 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36087 | 2 Fedoraproject, Selinux Project | 2 Fedora, Selinux | 2021-11-17 | 2.1 LOW | 3.3 LOW |
| The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. | |||||
| CVE-2021-22464 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 4.6 MEDIUM | 3.3 LOW |
| A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart. | |||||
| CVE-2021-36045 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2021-10-27 | 4.3 MEDIUM | 3.3 LOW |
| XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36053 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2021-10-27 | 4.3 MEDIUM | 3.3 LOW |
| XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-38440 | 1 Fatek | 1 Winproladder | 2021-10-21 | 4.3 MEDIUM | 3.3 LOW |
| FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information. | |||||
| CVE-2021-40729 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-10-21 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | |||||
| CVE-2021-21089 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-10-08 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39834 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2021-10-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | |||||
| CVE-2021-39833 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2021-10-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | |||||
| CVE-2021-39844 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-10-06 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39858 | 3 Adobe, Apple, Microsoft | 8 Acrobat, Acrobat 2017, Acrobat Dc and 5 more | 2021-10-06 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39865 | 1 Adobe | 1 Framemaker | 2021-10-04 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40697 | 1 Adobe | 1 Framemaker | 2021-10-04 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39862 | 1 Adobe | 1 Framemaker | 2021-10-04 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-37176 | 1 Siemens | 1 Simcenter Femap | 2021-09-23 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260) | |||||
| CVE-2021-25455 | 1 Google | 1 Android | 2021-09-23 | 4.3 MEDIUM | 3.3 LOW |
| OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. | |||||
| CVE-2021-36016 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-09-21 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-33738 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-09-21 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405) | |||||
| CVE-2020-24426 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-16 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24434 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-16 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36071 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-09-09 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36074 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-09-09 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-9706 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9707 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9710 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2021-36019 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36018 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-35988 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-09-01 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-35987 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-09-01 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28630 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-08-30 | 6.8 MEDIUM | 3.3 LOW |
| Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose potential sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36001 | 2 Adobe, Microsoft | 2 Character Animator, Windows | 2021-08-30 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Character Animator version 4.2 (and earlier) is affected by an out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-35992 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-08-25 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36010 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-08-25 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2019-17264 | 1 Liblnk Project | 1 Liblnk | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| ** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue. | |||||