First published: Mon Apr 05 2021
A format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can allow arbitrary memory values to be read and written.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Libpano13 Project Libpano13 | <=2.9.19 | |
Libpano13 Project Libpano13 | =2.9.20-rc1 | |
Libpano13 Project Libpano13 | =2.9.20-rc2 | |
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Debian Debian Linux | =9.0 | |
redhat/libpano13 | <2.9.20 | 2.9.20 |
CVE-2021-20307 is a format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier versions.
CVE-2021-20307 affects Libpano13 versions 2.9.20~rc2+dfsg-3 and earlier, as well as Fedora versions 32, 33, and 34.
CVE-2021-20307 has a severity rating of 9.8 (Critical).
To fix CVE-2021-20307, it is recommended to update to the latest version of libpano13 or apply the relevant security patches provided by the vendor.
More information about CVE-2021-20307 can be found in the following references: [Reference 1](https://bugzilla.redhat.com/show_bug.cgi?id=1946284), [Reference 2](https://lists.debian.org/debian-lts-announce/2021/04/msg00010.html), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FVJRXUOBN56ZWP6QQ3NTA6DIFZMDZAEQ/).