Cancel

NULL Pointer Dereference | Deark

Mar 15, 2021 2021-03-15T11:34:00+08:00 by Fatih Çelik

Updated Apr 15, 2021 2021-04-15T20:44:53+08:00 1 min

Software: https://github.com/jsummers/deark/

Version: 1.5.7-1

Vulnerability: NULL Pointer Dereference

CVE: CVE-2021-28855

Description of the product:

A utility for file format and metadata analysis, data extraction, decompression, and image format decoding.

Summary:

An issue was discovered in Deark v1.5.7-1. A specially crafted input file can cause a NULL pointer dereference in dbuf_write function (src/deark-dbuf.c:1376).

Fix:

https://github.com/jsummers/deark/commit/287f5ac31dfdc074669182f51ece637706070eeb

Vulnerability Research

vulnerability research

This post is licensed under CC BY 4.0 by the author.

Recent Update

Missing IP Address Control in isPublic() Function Leads to SSRF Bypass PoC
Group Office CRM | Stored XSS via SVG File
Group Office CRM | SSRF
Division By Zero | Deark
NULL Pointer Dereference | Deark

NULL Pointer Dereference | Deark

Further Reading

CMSUno 1.6.2 | RCE [Authenticated] (password.php) | CVE-2020-25557

Sentrifugo 3.2 | RCE [Authenticated] (announcements) | CVE-2020-26804

Sentrifugo 3.2 | RCE [Authenticated] (assets) | CVE-2020-26803

Trending Tags