CVE-2021-32297: LIEF heap-buffer-overflow

May 24, 2022 (updated September 30, 2024)

An issue was discovered in LIEF prior to version 0.11.0. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution.

References

github.com/advisories/GHSA-22x7-vwh9-5w4g
github.com/lief-project/LIEF
github.com/lief-project/LIEF/commit/19e06755e8ce1ecf136360a5c36cded3701ac253
github.com/lief-project/LIEF/issues/449
github.com/pypa/advisory-database/tree/main/vulns/lief/PYSEC-2021-324.yaml
nvd.nist.gov/vuln/detail/CVE-2021-32297

Detect and mitigate CVE-2021-32297 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →