CVE-2021-42917

NameCVE-2021-42917
DescriptionBuffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3712-1
Debian Bugs998419

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kodi (PTS)stretch2:17.1+dfsg1-3vulnerable
buster (security), buster, buster (lts)2:17.6+dfsg1-4+deb10u1fixed
bullseye2:19.1+dfsg2-2+deb11u1fixed
bookworm2:20.1+dfsg-1fixed
sid, trixie2:21.1+dfsg-5fixed
xbmc (PTS)jessie2:13.2+dfsg1-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kodisourcebuster2:17.6+dfsg1-4+deb10u1DLA-3712-1
kodisourcebullseye2:19.1+dfsg2-2+deb11u1
kodisource(unstable)2:19.3+dfsg1-1998419
xbmcsourcejessie(unfixed)end-of-life
xbmcsource(unstable)(unfixed)

Notes

[stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored)
https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
https://github.com/xbmc/xbmc/issues/20305
https://github.com/xbmc/xbmc/pull/20306

Search for package or bug name: Reporting problems