CVE-2021-42917

Name: CVE-2021-42917
Description: Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 998419

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| kodi (PTS) | stretch | 2:17.1+dfsg1-3 | vulnerable |
| kodi | buster | 2:17.6+dfsg1-4 | vulnerable |
| kodi | bullseye | 2:19.1+dfsg2-2 | vulnerable |
| kodi | bookworm, sid | 2:19.3+dfsg1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kodi | source | (unstable) | 2:19.3+dfsg1-1 | | | 998419 |
| xbmc | source | (unstable) | (unfixed) | | | |

Notes

[bullseye] - kodi <no-dsa> (Minor issue)
[buster] - kodi <no-dsa> (Minor issue)
[stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored)
https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
https://github.com/xbmc/xbmc/issues/20305
https://github.com/xbmc/xbmc/pull/20306
