CVE Vulnerability

CVE-2021-33897

A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://synthesiagame.com/news Release Notes Vendor Advisory
https://isopach.dev/CVE-2021-33897 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:synthesiagame:synthesia:*:*:*:*:*:*:*:*
Information

Published : 2022-11-17 09:15

Updated : 2022-11-21 08:01

NVD link : CVE-2021-33897

Mitre link : CVE-2021-33897

Products Affected
No products.
CWE
CWE-120