CVE-2021-22545

HIGH

BinDiff < 7.0 - Use-After-Free via Crafted IdaPro *.i64 File


Description

An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade to BinDiff 7.

References (1)

Core References
Product, Release Notes, Vendor Advisory x_refsource_misc
https://www.zynamics.com/bindiff/manual/index.html#nyyyy7

Scores

CVSS v3 7.5
EPSS 0.0021
EPSS Percentile 10.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
google/bindiff < 7.0
Published Jun 29, 2021
Tracked Since Feb 18, 2026