Vulnerability DatabaseCVE-2021-33897

CVE-2021-33897:
Homebrew vulnerability analysis and mitigation

Overview

A buffer overflow vulnerability exists in Synthesia before version 10.7.5567 when using a non-Latin locale. The vulnerability allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes that is mishandled during deletion. Additionally, in Synthesia before version 10.9, an improper path handling vulnerability allows local attackers to cause a denial of service via a crafted MIDI file with malformed bytes (MITRE CVE, Isopach Blog).

Technical details

The vulnerability has a CVSS Base Score of 7.1 with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. The issue affects non-privileged users, meaning even Guest Users can trigger the vulnerability. The bug manifests when attempting to delete a specially crafted MIDI file with malformed bytes while using a non-Latin locale (Isopach Blog).

Impact

When successfully exploited, the vulnerability results in a persistent crash of the Synthesia application, causing a denial of service condition. The application becomes unusable until restarted, though there may be potential for further exploitation which has not been confirmed (Isopach Blog).

Mitigation and workarounds

The vulnerability has been fixed in Synthesia version 10.9. Users are advised to upgrade to this version or later to mitigate the risk (Synthesia News, Isopach Blog).

Additional resources

Source: This report was generated using AI

Related Homebrew vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-58360	CRITICAL	9.8	Java	org.geoserver.web:gs-web-app	No	Yes	Nov 25, 2025
CVE-2025-65085	HIGH	8.4	NixOS	cobalt	No	No	Nov 25, 2025
CVE-2025-65084	HIGH	8.4	NixOS	argon	No	No	Nov 25, 2025
CVE-2025-59789	HIGH	7.5	Homebrew	brpc	No	Yes	Dec 01, 2025
CVE-2025-64761	HIGH	7.5	Wolfi	openbao	No	Yes	Nov 25, 2025