PT-2020-3951 · Cortado+1 · Cortado Thinprint+2

Pig

Published: 2020-09-14 · Updated: 2020-11-17 · CVE-2020-3988

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions: VMware Workstation versions 15.x; Horizon Client for Windows versions 5.x before 5.4.4
Description: The issue is related to an out-of-bounds read in the Cortado ThinPrint component, specifically the JPEG2000 parser, which can be exploited by a malicious actor with normal access to a virtual machine. This could lead to a partial denial-of-service condition or memory leakage from the TPView process. The vulnerability may allow an attacker to gain unauthorized access to protected information and cause a denial of service.
Recommendations: For VMware Workstation version 15.x, update to a version that includes the fix for the Cortado ThinPrint component vulnerability. For Horizon Client for Windows versions 5.x before 5.4.4, update to version 5.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cortado ThinPrint component until a patch is available.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2020-04344
CVE-2020-3988
ZDI-20-1181

Affected Products

Cortado ThinPrint
Horizon Client for Windows
VMware Workstation