CVE-2021-27494

Name of the Vulnerable Software and Affected Versions KeyShot versions prior to v10.1 Datakit Software libraries CatiaV5 3dRead, CatiaV6 3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot versions v10.1 and prior

Description The issue is related to the lack of proper validation of user-supplied data when parsing STP files, which could result in a stack-based buffer overflow. This could allow an attacker to execute code in the context of the current process.

Recommendations For KeyShot versions prior to v10.1, update to a version later than v10.1 to resolve the issue. As a temporary workaround, consider avoiding the use of STP files in KeyShot until a patch is available. Restrict access to the CatiaV5 3dRead, CatiaV6 3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules to minimize the risk of exploitation.