CVE-2021-3548

7.1 HIGH

📋 TL;DR

CVE-2021-3548 is a buffer overflow vulnerability in dmg2img versions through 20170502 where improper validation of read buffer size during memcpy() can leak memory layout information. This information disclosure could potentially be leveraged as part of an exploit chain to achieve code execution. Users who process untrusted DMG files with vulnerable dmg2img versions are affected.

💻 Affected Systems

Products:
  • dmg2img
Versions: All versions through 20170502
Operating Systems: Linux, Unix-like systems, macOS, Windows (if compiled)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration when processing DMG files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Memory layout information disclosure combined with other vulnerabilities could lead to remote code execution when processing malicious DMG files.

🟠 Likely Case: Information disclosure revealing memory addresses that could aid in bypassing ASLR protections for subsequent attacks.

🟢 If Mitigated: Limited impact if system has proper memory protections (ASLR, DEP) and dmg2img isn't processing untrusted files.

🌐 Internet-Facing: LOW - dmg2img is typically a local command-line tool, not an internet-facing service.
🏢 Internal Only: MEDIUM - Risk exists if users process untrusted DMG files from internal sources or external media.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user to process a malicious DMG file. The vulnerability alone provides information disclosure, not direct code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 20170502 (check specific distribution packages)

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1959585

Restart Required: No

Instructions:

1. Check your distribution's security updates.
2. Update dmg2img package using your package manager.
3. For source installations, download and compile latest version from official repository.

🔧 Temporary Workarounds

  • Avoid processing untrusted DMG files (all platforms): Do not use dmg2img to convert DMG files from untrusted sources.
  • Use alternative tools (all platforms): Use other DMG extraction tools that are not vulnerable.

🧯 If You Can't Patch

  • Restrict dmg2img usage to trusted users only
  • Implement strict file validation before processing DMG files

🔍 How to Verify

Check if Vulnerable:

Check dmg2img version: dmg2img --version or rpm -q dmg2img or dpkg -l dmg2img

Check Version:

dmg2img --version 2>&1 | head -1

Verify Fix Applied:

Verify installed version is newer than 20170502 and check for security updates in package manager.

📡 Detection & Monitoring

Log Indicators:

  • Unusual dmg2img process execution patterns
  • Multiple failed DMG conversion attempts

Network Indicators:

  • N/A - local tool execution

SIEM Query:

process.name == "dmg2img" AND process.cmd_line CONTAINS ".dmg"
