CVE-2021-42917

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-42917
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42917.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-42917
Downstream
Published
2021-11-01T19:15:07Z
Modified
2025-09-19T13:27:44.102488Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.

References

Affected packages

Git / github.com/fuzzard/xbmc

Affected ranges

Type
GIT
Repo
https://github.com/fuzzard/xbmc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
80c8138c09598e88b4ddb6dbb279fa193bbb3237
Type
GIT
Repo
https://github.com/xbmc/xbmc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
48730b64494798705d46dfccc4029bd36d072df3

Affected versions

14.*

14.0a2-Helix
14.0a3-Helix
14.0a4-Helix
14.0b1-Helix
14.0b2-Helix
14.0b3-Helix
14.0b4-Helix
14.0b5-Helix
14.0rc1-Helix
14.0rc2-Helix
14.0rc3-Helix

15.*

15.0a1-Isengard
15.0a2-Isengard
15.0b1-Isengard
15.0b2-Isengard
15.0rc1-Isengard

16.*

16.0a1-Jarvis
16.0a2-Jarvis
16.0a3-Jarvis
16.0a4-Jarvis
16.0b1-Jarvis
16.0b2-Jarvis

17.*

17.0a1-Krypton
17.0a2-Krypton
17.0a3-Krypton
17.0b1-Krypton
17.0b2-Krypton
17.0b3-Krypton
17.0b4-Krypton
17.0b5-Krypton
17.0b6-Krypton

18.*

18.0-Leia
18.0a1-Leia
18.0a2-Leia
18.0a3-Leia
18.0b1-Leia
18.0b1v2-Leia
18.0b2-Leia
18.0b3-Leia
18.0b4-Leia
18.0b5-Leia
18.0rc1-Leia
18.0rc2-Leia
18.0rc3-Leia
18.0rc4-Leia
18.0rc5-Leia
18.0rc5.2-Leia
18.1-Leia
18.1rc1-Leia
18.2rc1-Leia

19.*

19.0-Matrix
19.0RC1-Matrix
19.0a1-Matrix
19.0a2-Matrix
19.0a3-Matrix
19.0b1-Matrix
19.0b1Android-Matrix
19.0b2-Matrix

Other

Frodo_alpha1
Frodo_alpha2
Frodo_alpha3
Frodo_alpha4
Frodo_alpha5
Frodo_alpha6
Frodo_alpha7
Frodo_beta1
Frodo_beta2
Frodo_beta3
Frodo_rc1
Frodo_rc2
Frodo_rc3
Gotham_alpha1
Gotham_alpha10
Gotham_alpha11
Gotham_alpha2
Gotham_alpha3
Gotham_alpha4
Gotham_alpha5
Gotham_alpha6
Gotham_alpha7
Gotham_alpha8
Gotham_alpha9
howto-cleanup-logic
legacy_drop_vs
master-last-commmit-before-python3-merge

Database specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "152448986931517141631931618082030122476",
                    "173064288670576767280976837742951420035",
                    "15205614205871181415836855196701805972",
                    "336055780239469795852335282898795588148",
                    "203921010307016786020586253181146907182",
                    "39429620224066715997403372314622650447",
                    "268399885667487201733117008760641765433",
                    "196628942495930255134811054411820298455",
                    "163584444075878666636260034844832758028"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "xbmc/playlists/PlayListPLS.cpp"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237",
            "id": "CVE-2021-42917-413cd711"
        },
        {
            "signature_type": "Function",
            "digest": {
                "function_hash": "239015864931717022205884530245420625809",
                "length": 2008.0
            },
            "target": {
                "function": "CPlayListASX::LoadData",
                "file": "xbmc/playlists/PlayListPLS.cpp"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237",
            "id": "CVE-2021-42917-8e438c3b"
        }
    ]
}