CVE-2021-32436
Description
An out-of-bounds read in write_title() of abcm2ps v8.14.11 allows remote attackers to cause a denial of service via a crafted ABC file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An out-of-bounds read vulnerability exists in the write_title() function in subs.c of abcm2ps version 8.14.11. The flaw occurs when the code at line 1465 accesses &s->text[2] without verifying that the SYMBOL structure's text field contains at least two characters. A specially crafted ABC music notation file can trigger this condition, leading to a read beyond the allocated buffer [1].
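The unchecked access described above, beside a bounded form, as an added example that is not code from abcm2ps or from this page. `struct symbol`, `text_cap`, `title_unchecked` and `title_checked` are hypothetical names, and the code assumes the text starts with a two-character ABC header prefix such as `T:`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the parser's SYMBOL record (assumption: the real
 * structure is not shown on the page); text_cap is an assumed field holding
 * the number of bytes allocated for text. */
struct symbol {
    const char *text;   /* header line, e.g. "T:My Tune" */
    size_t text_cap;
};

/* Unchecked form from the description: reads at offset 2 regardless of how
 * long the text is. Undefined behaviour when text is shorter than 2 chars. */
const char *title_unchecked(const struct symbol *s)
{
    return &s->text[2];
}

/* Bounded form: returns the text after the 2-character prefix, or NULL when
 * the field is missing, unterminated, or shorter than the prefix. */
const char *title_checked(const struct symbol *s)
{
    const char *nul;

    if (s == NULL || s->text == NULL || s->text_cap == 0)
        return NULL;
    nul = memchr(s->text, '\0', s->text_cap);   /* never reads past text_cap */
    if (nul == NULL || (size_t)(nul - s->text) < 2)
        return NULL;
    return s->text + 2;   /* at worst points at the terminating NUL */
}

int main(void)
{
    /* Constructed sample header lines, not taken from a real ABC file. */
    const char *samples[] = { "T:My Tune", "T:", "T", "" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct symbol s = { samples[i], strlen(samples[i]) + 1 };
        const char *t = title_checked(&s);
        printf("%-12s -> %s\n", samples[i], t ? t : "(rejected)");
    }
    return 0;
}
```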
Exploitation
An attacker can exploit this issue by providing a malicious ABC file to the abcm2ps parser. No authentication or special privileges are required; network delivery (e.g., via a web upload or email attachment) suffices. The parsing flow proceeds from treat_file() through frontend(), abc_parse(), do_tune(), get_info(), write_heading(), and finally to write_title(), where the out-of-bounds access occurs, resulting in a segmentation fault [1].
Impact
Successful exploitation causes the abcm2ps process to crash, resulting in a denial of service (DoS). The impact is limited to availability; there is no evidence of information disclosure or arbitrary code execution from this read vulnerability [1].
Mitigation
Details regarding a patched version have not been disclosed in the available references. The repository was archived as read-only, and no official fix has been published. Users should consider limiting the processing of untrusted ABC files as a workaround. Fedora package announcements listed in references [2], [3], and [4] are blocked by an Anubis proof-of-work challenge and could not be evaluated.
- [1] out-of-bounds read in function write_title() in subs.c
- [2] lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVGJH4HMXI3TWMHQJQCG3M7KSXJWJM7R/
- [3] lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6333SXWMES3K22DBAOAW34G6EU6WIJEY/
- [4] lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTF4FXCW22FFB5HNQO3GK3F4FFBLTZKE/
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- abcm2ps/abcm2ps (source: description)
- osv-coords, 2 versions:
  - pkg:rpm/opensuse/abcm2ps&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/suse/abcm2ps&distro=SUSE%20Package%20Hub%2015%20SP3
  - range: < 8.14.13-bp153.2.3.1
- (no CPE) range: < 8.14.13-bp153.2.3.1
- (no CPE) range: < 8.14.13-bp153.2.3.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6333SXWMES3K22DBAOAW34G6EU6WIJEY/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVGJH4HMXI3TWMHQJQCG3M7KSXJWJM7R/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTF4FXCW22FFB5HNQO3GK3F4FFBLTZKE/ (mitre, vendor-advisory, x_refsource_FEDORA)
- github.com/leesavide/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3 (mitre, x_refsource_MISC)
- github.com/leesavide/abcm2ps/issues/85 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2022/04/msg00015.html (mitre, mailing-list, x_refsource_MLIST)
News mentions
No linked articles in our index yet.