CVE-2021-29097

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier ArcGIS Desktop versions 10.8.1 and earlier ArcGIS Engine versions 10.8.1 and earlier ArcGIS Pro versions 2.7 and earlier

Description: Multiple buffer overflow vulnerabilities exist when parsing a specially crafted file, allowing an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

Recommendations: For Esri ArcReader versions 10.8.1 and earlier, update to a version later than 10.8.1. For ArcGIS Desktop versions 10.8.1 and earlier, update to a version later than 10.8.1. For ArcGIS Engine versions 10.8.1 and earlier, update to a version later than 10.8.1. For ArcGIS Pro versions 2.7 and earlier, update to a version later than 2.7.

Fix

Heap Based Buffer Overflow

Buffer Overflow

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-119CWE-121

Related Identifiers

CVE-2021-29097

ZDI-21-360

ZDI-21-363

ZDI-21-364

ZDI-21-365

ZDI-21-366

ZDI-21-367

ZDI-21-368

ZDI-21-369

ZDI-21-371

Affected Products

Arcgis Desktop

Arcgis Engine

Arcgis Pro

Esri Arcreader

CVE-2021-29097

Weakness Enumeration

Related Identifiers

Affected Products

References · 15