PT-2021-16918 · Acd Systems · Acdsee Professional 2021
Published
2021-01-25
·
Updated
2021-02-04
·
CVE-2021-26025
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ACDSee Professional 2021 version 14.0 1721
Description
The issue is related to a User Mode Write Access Violation in the
IDE ACDStd.apl plugin of ACDSee Professional 2021. This violation occurs when processing a crafted BMP image, starting at the zlibVersion+0x0000000000004e5e location.Recommendations
For ACDSee Professional 2021 version 14.0 1721, consider avoiding the use of crafted BMP images to prevent exploitation until a patch is available. As a temporary workaround, restricting access to the
IDE ACDStd.apl plugin may help minimize the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acdsee Professional 2021