CVE-2021-22545
HIGH
BinDiff < 7.0 - Use-After-Free via Crafted IdaPro *.i64 File
Title source: llmDescription
An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade to BinDiff 7.
References (1)
Core References
Product, Release Notes, Vendor Advisory x_refsource_misc
https://www.zynamics.com/bindiff/manual/index.html#nyyyy7
Scores
CVSS v3
7.5
EPSS
0.0021
EPSS Percentile
10.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
google/bindiff
< 7.0
Published
Jun 29, 2021
Tracked Since
Feb 18, 2026