{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20307", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "n/a", "product": { "product_data": [ { "product_name": "libpano13", "version": { "version_data": [ { "version_value": "libpano13 2.9.20_rc3" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-134" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "name": "https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/", "url": "https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/" }, { "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1946284", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946284" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20210412 [SECURITY] [DLA 2624-1] libpano13 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00010.html" }, { "refsource": "FEDORA", "name": "FEDORA-2021-67cbea4608", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JE6YZSXNVD6WZ3AG3ENL2DIHQFF24LYX/" }, { "refsource": "FEDORA", "name": "FEDORA-2021-596fc11138", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYDYBKHT2MNMQCUMAVJNZW4VH6MD5BOF/" }, { "refsource": "FEDORA", "name": "FEDORA-2021-af806dd42d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FVJRXUOBN56ZWP6QQ3NTA6DIFZMDZAEQ/" }, { "refsource": "GENTOO", "name": "GLSA-202107-47", "url": "https://security.gentoo.org/glsa/202107-47" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values." } ] } }