CVE-2021-33479

7.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability exists in gocr's measure_pitch() function in pgm2asc.c. This allows attackers to execute arbitrary code or cause denial of service by providing specially crafted PGM image files. Users of gocr for optical character recognition are affected.

💻 Affected Systems

Products:
  • gocr
Versions: All versions through 0.53-20200802
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing PGM (Portable Gray Map) image files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the gocr process, potentially leading to full system compromise.

🟠 Likely Case: Denial of service through application crash when processing malicious image files.

🟢 If Mitigated: Limited impact if gocr runs in a sandboxed environment with minimal privileges.

🌐 Internet-Facing: MEDIUM - gocr is typically used locally, but could be exposed via web applications processing uploaded images.
🏢 Internal Only: MEDIUM - Local users or automated systems processing untrusted PGM files could trigger the vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires providing a malicious PGM file to gocr. Public bug reports include technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 0.53-20200802

Vendor Advisory: https://security.gentoo.org/glsa/202401-28

Restart Required: No

Instructions:

1. Update gocr package using system package manager.
2. For Gentoo: emerge --sync && emerge -av gocr
3. For Red Hat-based: yum update gocr
4. For source builds: Download latest version from SourceForge.

🔧 Temporary Workarounds

Disable PGM processing

Platform: Linux

Remove or restrict access to the gocr binary to prevent processing of PGM files.

chmod 000 /usr/bin/gocr
mv /usr/bin/gocr /usr/bin/gocr.disabled

Input validation

Platform: all

Implement file type validation before passing images to gocr.
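
One way to implement this file type validation, as an added example that is not part of the advisory or of gocr: a strict structural check that accepts only a single well-formed PGM (P2 or P5) whose raster size matches its header. The function names, the MAX_DIM limit and the sample bytes are assumptions; the check screens out non-PGM and inconsistent files and does not replace updating gocr.

```python
import re

MAX_DIM = 10_000  # assumed policy limit per side; tune to your scans
# One header token, skipping leading whitespace and '#' comment lines.
_TOKEN = re.compile(rb"\s*(?:#[^\n]*\n\s*)*(\S+)")
SAMPLE = b"P5\n# constructed sample\n4 2\n255\n" + bytes(8)  # constructed 4x2 image

class PGMRejected(ValueError):
    """The input is not a well-formed PGM within the policy limits."""

def _header(data):
    """Return the four header tokens and the offset just past the last one."""
    tokens, pos = [], 0
    for _ in range(4):
        m = _TOKEN.match(data, pos)
        if not m:
            raise PGMRejected("truncated header")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens, pos

def _is_number(tok):
    return tok.isdigit() and len(tok) <= 5  # unsigned, at most 99999

def validate_pgm(data):
    """Return (width, height, maxval) for a strict PGM, else raise PGMRejected."""
    if data[:2] not in (b"P2", b"P5"):
        raise PGMRejected("not a PGM magic number")
    (magic, *nums), pos = _header(data)
    if len(magic) != 2 or not all(map(_is_number, nums)):
        raise PGMRejected("malformed header field")
    width, height, maxval = map(int, nums)
    if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM and 0 < maxval <= 65535):
        raise PGMRejected("dimensions or maxval out of range")
    if not data[pos:pos + 1].isspace():
        raise PGMRejected("missing separator before raster")
    raster = data[pos + 1:]
    if magic == b"P5":  # binary raster: byte count must match the header exactly
        expected = width * height * (1 if maxval < 256 else 2)
        if len(raster) != expected:
            raise PGMRejected(f"raster has {len(raster)} bytes, header implies {expected}")
        if maxval < 256 and max(raster) > maxval:
            raise PGMRejected("sample exceeds maxval")
    else:  # P2 ASCII raster: sample count and range must match the header
        samples = raster.split()
        if len(samples) != width * height or not all(
                _is_number(s) and int(s) <= maxval for s in samples):
            raise PGMRejected("ASCII raster does not match header")
    return width, height, maxval
```

Call validate_pgm on the file's bytes and hand the file to gocr only when it returns; treat PGMRejected as a rejected upload.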

🧯 If You Can't Patch

  • Run gocr in a containerized or sandboxed environment with minimal privileges.
  • Implement strict access controls to limit which users can execute gocr.

🔍 How to Verify

Check if Vulnerable:

Check gocr version: gocr --version 2>&1 | head -1

Check Version:

gocr --version 2>&1 | grep -o '[0-9]\+\.[0-9]\+.*'

Verify Fix Applied:

Verify version is newer than 0.53-20200802 and test with known safe PGM files.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from gocr process
  • Unexpected process termination

Network Indicators:

  • Unusual outbound connections from gocr process if exploited

SIEM Query:

process_name:"gocr" AND (event_type:"crash" OR exit_code:139)
