CVE-2021-29980

High

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable…

mozilla·CWE-909·Published 2021-08-17

CVSS

8.8

EPSS

0.01

KEV

Exploits

Vendor statements (2)

cve.orgen

248 chars

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

NVDes

370 chars

Una memoria no inicializada en un objeto canvas podría haber causado una función free() incorrecta, conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.13, Thunderbird versiones anteriores a 91, Firefox ESR versiones anteriores a 78.13 y Firefox versiones anteriores a 91.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H