PT-2021-23885 · Open Design Alliance · Open Design Alliance Prc Sdk

Mat Powell

Published

2021-11-16

Updated

2021-11-26

CVE-2021-43581

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Design Alliance PRC SDK versions prior to 2022.11

Description The issue exists within the parsing of U3D files, specifically due to the incorrect use of the LibJpeg source manager inside the U3D library. Crafted data in a U3D file can trigger a read past the end of an allocated buffer, allowing an attacker to execute code in the context of the current process.

Recommendations For versions prior to 2022.11, update to a version 2022.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of U3D file parsing functionality until a patch is available. Avoid using crafted U3D files that can trigger the out-of-bounds read.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2021-43581

ZDI-21-1310

ZDI-21-1311

Affected Products

Open Design Alliance Prc Sdk

PT-2021-23885 · Open Design Alliance · Open Design Alliance Prc Sdk

CVE-2021-43581

Weakness Enumeration

Related Identifiers

Affected Products

References · 6