PT-2021-18086 · Esri · Arcgis Pro+3
Francis Provencher
·
Published
2021-03-25
·
Updated
2025-05-05
·
CVE-2021-29098
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Esri ArcReader versions 10.8.1 and earlier
ArcGIS Desktop versions 10.8.1 and earlier
ArcGIS Engine versions 10.8.1 and earlier
ArcGIS Pro versions 2.7 and earlier
Description:
The issue arises from multiple uninitialized pointer vulnerabilities when parsing a specially crafted file. This allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
Recommendations:
For Esri ArcReader versions 10.8.1 and earlier, update to a version later than 10.8.1.
For ArcGIS Desktop versions 10.8.1 and earlier, update to a version later than 10.8.1.
For ArcGIS Engine versions 10.8.1 and earlier, update to a version later than 10.8.1.
For ArcGIS Pro versions 2.7 and earlier, update to a version later than 2.7.
Fix
Access of Uninitialized Pointer
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arcgis Desktop
Arcgis Engine
Arcgis Pro
Esri Arcreader