Vulnerability Details CVE-2021-33897
A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.0%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2021-33897
-
cpe:2.3:a:synthesiagame:synthesia:0.4.0
-
cpe:2.3:a:synthesiagame:synthesia:0.5.0
-
cpe:2.3:a:synthesiagame:synthesia:0.5.1
-
cpe:2.3:a:synthesiagame:synthesia:0.6.0
-
cpe:2.3:a:synthesiagame:synthesia:0.6.1
-
cpe:2.3:a:synthesiagame:synthesia:0.6.2
-
cpe:2.3:a:synthesiagame:synthesia:0.6.3
-
cpe:2.3:a:synthesiagame:synthesia:0.6.4
-
cpe:2.3:a:synthesiagame:synthesia:0.6.5
-
cpe:2.3:a:synthesiagame:synthesia:0.7.0
-
cpe:2.3:a:synthesiagame:synthesia:0.7.1
-
cpe:2.3:a:synthesiagame:synthesia:0.7.2
-
cpe:2.3:a:synthesiagame:synthesia:0.7.3
-
cpe:2.3:a:synthesiagame:synthesia:0.7.4
-
cpe:2.3:a:synthesiagame:synthesia:0.7.5
-
cpe:2.3:a:synthesiagame:synthesia:0.8.0
-
cpe:2.3:a:synthesiagame:synthesia:0.8.1
-
cpe:2.3:a:synthesiagame:synthesia:0.8.2
-
cpe:2.3:a:synthesiagame:synthesia:0.8.3
-
cpe:2.3:a:synthesiagame:synthesia:10
-
cpe:2.3:a:synthesiagame:synthesia:10.1
-
cpe:2.3:a:synthesiagame:synthesia:10.2
-
cpe:2.3:a:synthesiagame:synthesia:10.3
-
cpe:2.3:a:synthesiagame:synthesia:10.4
-
cpe:2.3:a:synthesiagame:synthesia:10.5
-
cpe:2.3:a:synthesiagame:synthesia:10.5.1
-
cpe:2.3:a:synthesiagame:synthesia:10.6
-
cpe:2.3:a:synthesiagame:synthesia:10.7
-
cpe:2.3:a:synthesiagame:synthesia:10.8
-
cpe:2.3:a:synthesiagame:synthesia:8.4
-
cpe:2.3:a:synthesiagame:synthesia:8.5
-
cpe:2.3:a:synthesiagame:synthesia:8.6
-
cpe:2.3:a:synthesiagame:synthesia:9