PT-2021-23797 · Open Design Alliance · Open Design Alliance Prc Sdk

Mat Powell

Published

2021-11-10

Updated

2021-11-17

CVE-2021-43277

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Design Alliance PRC SDK versions prior to 2022.10

Description An out-of-bounds read issue exists in the U3D file reading procedure. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. This can be leveraged by an attacker, in conjunction with other issues, to execute arbitrary code in the context of the current process.

Recommendations For versions prior to 2022.10, update to a version 2022.10 or later to resolve the issue. As a temporary workaround, consider restricting the use of U3D files until a patch is available. Avoid using crafted U3D files that can trigger the out-of-bounds read.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2021-43277

ZDI-21-1283

ZDI-21-1285

ZDI-21-1289

ZDI-21-1290

ZDI-21-1297

Affected Products

Open Design Alliance Prc Sdk

PT-2021-23797 · Open Design Alliance · Open Design Alliance Prc Sdk

CVE-2021-43277

Weakness Enumeration

Related Identifiers

Affected Products

References · 10