VYPR
High severity · NVD Advisory · Published Sep 20, 2021 · Updated Aug 3, 2024

CVE-2021-32297

Description

An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Heap-buffer-overflow in LIEF's pe_reader.c allows attackers to execute arbitrary code via a crafted PE file in versions through 0.11.4.

Vulnerability

A heap-buffer-overflow exists in the main function of pe_reader.c in LIEF through version 0.11.4 [2]. The vulnerability occurs when processing specially crafted PE files, leading to a read of size 1 beyond an allocated buffer [3].

Exploitation

An attacker can trigger this vulnerability by providing a malicious PE file to the pe_reader example tool. No authentication or special privileges are required; the attack is conducted locally or via a service that processes untrusted PE files. The overflow is detected by AddressSanitizer as a heap-buffer-overflow [3].

Impact

Successful exploitation allows the attacker to achieve arbitrary code execution, as indicated by the CVE description [2]. The overflow can corrupt adjacent memory, potentially leading to control of the process.

Mitigation

The issue is fixed in LIEF version 0.11.5 and later [1]. Users should upgrade to the latest stable release (0.17.6) [1]. For versions before 0.11.5, avoid processing untrusted PE files with the pe_reader tool as a workaround.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
lief (PyPI) | < 0.11.0 | 0.11.0
