PT-2021-16919 · Acd Systems · Acdsee Professional 2021
Published
2021-01-25
·
Updated
2021-02-04
·
CVE-2021-26026
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ACDSee Professional 2021 version 14.0 1721
Description
The issue is related to a User Mode Write Access Violation in the PlugInsIDE ACDStd.apl component of ACDSee Professional 2021. This violation occurs when processing a crafted BMP image, starting at the
JPEGTransW+0x000000000000c7f4 location.Recommendations
For ACDSee Professional 2021 version 14.0 1721, consider avoiding the use of crafted BMP images to minimize the risk of exploitation. As a temporary workaround, restrict the use of the
PlugInsIDE ACDStd.apl component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acdsee Professional 2021