CVE-2021-40589

9.8 CRITICAL

📋 TL;DR

CVE-2021-40589 is an integer underflow vulnerability in ZAngband's zangband-data 2.7.5 that occurs when processing bitmap file headers. A crafted bitmap whose fileheader.bfOffBits value triggers the underflow lets an attacker execute arbitrary code or cause a denial of service. Users running ZAngband with zangband-data 2.7.5 are affected.
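The class of check a BMP loader needs here, as an added example written for this page (it is not ZAngband's code; the field layout is the standard 14-byte BMP file header, the sample file is constructed, and the function names are hypothetical):

```c
#include <stdint.h>
#include <stdio.h>

/* Standard 14-byte BMP file header: "BM", bfSize, two reserved shorts, bfOffBits
 * (bytes 10..13, offset of the pixel array from the start of the file). */
#define BMP_FILE_HEADER_SIZE 14u
#define BMP_DIB_HEADER_MIN   12u   /* smallest DIB header (BITMAPCOREHEADER) */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = v >> 24;
}

/* Unchecked pattern: "bytes left before the pixel data" as bfOffBits minus the
 * header bytes already consumed. With bfOffBits below 14 the unsigned subtraction
 * wraps to a value near 4 GiB. Shown for contrast only; never used for I/O here. */
uint32_t naive_bytes_to_pixels(uint32_t bfOffBits) { return bfOffBits - BMP_FILE_HEADER_SIZE; }

/* Hardened: returns the validated pixel-array offset, or 0 if the header is rejected. */
uint32_t bmp_pixel_offset(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < BMP_FILE_HEADER_SIZE + 4) return 0;
    if (buf[0] != 'B' || buf[1] != 'M') return 0;
    uint32_t bfSize    = rd_le32(buf + 2);
    uint32_t bfOffBits = rd_le32(buf + 10);
    uint32_t dibSize   = rd_le32(buf + 14);
    if (bfSize > len || dibSize < BMP_DIB_HEADER_MIN) return 0;
    if (dibSize > UINT32_MAX - BMP_FILE_HEADER_SIZE) return 0;   /* addition must not wrap */
    uint32_t headerEnd = BMP_FILE_HEADER_SIZE + dibSize;
    /* Underflow guard: pixel data must start after both headers and inside the file. */
    if (bfOffBits < headerEnd || bfOffBits > bfSize) return 0;
    return bfOffBits;
}

/* Constructed 70-byte sample (file header + 40-byte BITMAPINFOHEADER + 16 bytes
 * of pixels) with the caller's bfOffBits; returns the validator's verdict. */
uint32_t check_sample(uint32_t bfOffBits) {
    uint8_t buf[70] = {0};
    buf[0] = 'B'; buf[1] = 'M';
    wr_le32(buf + 2, sizeof buf);
    wr_le32(buf + 10, bfOffBits);
    wr_le32(buf + 14, 40);
    return bmp_pixel_offset(buf, sizeof buf);
}

int main(void) {
    printf("valid=%u short=%u beyond=%u wrapped=0x%08x\n", check_sample(54),
           check_sample(4), check_sample(200), naive_bytes_to_pixels(4));
    return 0;
}
```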

💻 Affected Systems

Products:
  • ZAngband
  • zangband-data
Versions: zangband-data 2.7.5
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the game's bitmap file processing code; exploitation requires loading malicious bitmap files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢 If Mitigated: Application crash with no privilege escalation if proper sandboxing and memory protections are enabled.

🌐 Internet-Facing: MEDIUM - Requires user interaction (loading malicious bitmap files) but ZAngband is typically not internet-facing.
🏢 Internal Only: LOW - ZAngband is a single-player roguelike game typically run in isolated user contexts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious bitmap files and convincing users to load them in ZAngband.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: zangband-data 2.7.6 or later

Vendor Advisory: https://sourceforge.net/p/zangband/bugs/671/

Restart Required: Yes

Instructions:

1. Download the latest zangband-data from SourceForge.
2. Replace the existing zangband-data files.
3. Restart ZAngband.

🔧 Temporary Workarounds

Disable bitmap file loading (Linux)

Prevent ZAngband from loading external bitmap files:

  chmod 000 ~/.zangband/*.bmp
  chmod 000 /usr/share/zangband/*.bmp

Note that this also removes read access to the game's own tile graphics, so graphical tile modes will not work until the permissions are restored.

Run with memory protection (Linux)

Enable ASLR and other memory protections:

  sysctl -w kernel.randomize_va_space=2

This setting does not persist across reboots; to make it permanent, add kernel.randomize_va_space = 2 to a file under /etc/sysctl.d/. ASLR raises the cost of exploitation but does not remove the underflow itself.

🧯 If You Can't Patch

  • Isolate ZAngband in a sandboxed environment or virtual machine
  • Restrict file permissions to prevent loading of untrusted bitmap files

🔍 How to Verify

Check if Vulnerable:

Check the zangband-data version (2.7.5 is affected): grep 'Version' /usr/share/zangband/README, or query the installed package version.

Check Version:

  grep -i version /usr/share/zangband/README 2>/dev/null || echo 'Check package manager for zangband-data version'

Verify Fix Applied:

Verify zangband-data version is 2.7.6 or later

📡 Detection & Monitoring

Log Indicators:

  • ZAngband crash logs with memory access violations
  • Unexpected bitmap file loading attempts

Network Indicators:

  • None - this is a local file processing vulnerability

SIEM Query:

  process_name:"zangband" AND (event_type:"crash" OR event_type:"access_violation")
