CVE-2021-40417

Name of the Vulnerable Software and Affected Versions DPDecoder service (affected versions not specified)

Description The issue arises when the DPDecoder service parses a submitted file as a job, using decoding parameters and fields parsed by the R3D SDK to calculate a heap buffer size. An integer overflow in this calculation can lead to an undersized heap buffer allocation. When this buffer is written to, a heap-based buffer overflow occurs, potentially resulting in code execution under the context of the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.