PT-2021-17479 · Luxion · Keyshot
Rgod
·
Published
2021-05-12
·
Updated
2021-06-09
·
CVE-2021-27496
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
KeyShot versions prior to v10.1
Datakit Software libraries CatiaV5 3dRead, CatiaV6 3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot versions v10.1 and prior
Description
The issue arises from the lack of proper validation of user-supplied data when parsing PRT files, potentially leading to pointer dereferences of a value obtained from an untrusted source. This could allow an attacker to execute code in the context of the current process.
Recommendations
For KeyShot versions prior to v10.1, update to a version newer than v10.1 to resolve the issue.
As a temporary workaround, consider restricting the use of the CatiaV5 3dRead, CatiaV6 3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules until a patch is available.
Avoid using untrusted PRT files in the affected KeyShot versions until the issue is resolved.
Fix
Untrusted Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Keyshot