Miggo Logo
Miggo Vulnerability Database
CVE-2021-28308

CVE-2021-28308:
Out of bounds read in fltk

9.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-28308
GHSA ID
GHSA-vjmg-pc8h-p6p8
EPSS Score
0.61972%
CWE
CWE-125
Published
8/25/2021
Updated
6/13/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
fltkrust< 0.15.30.15.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The CVE-2021-28308 description explicitly states the vulnerability stems from missing pixmap validation in the constructor. The RustSec advisory lists 'fltk::image::Pixmap::new' in affected functions with versions <0.15.2 being vulnerable, specifically citing 'pixmap constructor would not check for correct pixmaps' as the issue. While other functions are mentioned in related CVEs, this is the only one directly tied to the out-of-bounds read described in CVE-2021-28308.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in t** *ltk *r*t* ***or* *.**.* *or Rust. T**r* is *n out-o* *oun*s r*** ****us* t** pixm*p *onstru*tor l**ks pixm*p input v*li**tion.

Reasoning

T** *V*-****-***** **s*ription *xpli*itly st*t*s t** vuln*r**ility st*ms *rom missin* pixm*p `v*li**tion` in t** *onstru*tor. T** RustS** **visory lists '*ltk::im***::Pixm*p::n*w' in *****t** *un*tions wit* v*rsions <*.**.* **in* vuln*r**l*, sp**i*i*