CVE-2021-20307
Ubuntu Security Notice USN-6163-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
A format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to reading and writing of arbitrary memory values.
It was discovered that pano13 did not properly validate the prefix provided for PTcrop's output. An attacker could use this issue to cause pano13 to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
It was discovered that pano13 did not properly handle certain crafted TIFF images. An attacker could use this issue to cause pano13 to crash, resulting in a denial of service.
Timeline
- 2020-12-17 CVE Reserved
- 2021-04-05 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-134: Use of Externally-Controlled Format String
References (7)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1946284 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2021/04/msg00010.html | Mailing List | |
https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20 | Product | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Libpano13 Project | Libpano13 | <= 2.9.19 | - | Affected |
Libpano13 Project | Libpano13 | 2.9.20 | rc1 | Affected |
Libpano13 Project | Libpano13 | 2.9.20 | rc2 | Affected |
Fedoraproject | Fedora | 32 | - | Affected |
Fedoraproject | Fedora | 33 | - | Affected |
Fedoraproject | Fedora | 34 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |