CVE-2021-30354

Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book.
References
Link Resource
https://research.checkpoint.com/2021/i-can-take-over-your-kindle/ Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:amazon:kindle_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amazon:kindle:-:*:*:*:*:*:*:*

Information

Published : 2021-09-01 11:15

Updated : 2021-09-10 07:55


NVD link : CVE-2021-30354

Mitre link : CVE-2021-30354


JSON object : View

CWE
CWE-190

Integer Overflow or Wraparound

Advertisement

dedicated server usa

Products Affected

amazon

  • kindle_firmware
  • kindle