Vulnerability Description
A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synthesiagame | Synthesia | <= 10.8 |
Related Weaknesses (CWE)
References
- https://isopach.dev/CVE-2021-33897 (Third Party Advisory)
- https://synthesiagame.com/news (Release Notes, Vendor Advisory)
FAQ
What is CVE-2021-33897?
CVE-2021-33897 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed...
How severe is CVE-2021-33897?
CVE-2021-33897 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-33897?
Check the references section above for vendor advisories and patch information. Affected products include: Synthesiagame Synthesia.