PT-2021-3250 · Cortado+1 · Cortado Thinprint+2
Published
2021-05-20
·
Updated
2021-06-04
·
CVE-2021-21988
CVSS v3.1
6.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
VMware Workstation versions 16.x prior to 16.1.2
Horizon Client for Windows versions 5.x prior to 5.5.2
Description
The issue is related to an out-of-bounds read vulnerability in the Cortado ThinPrint component, specifically the JPEG2000 Parser, of VMware Workstation and Horizon Client for Windows. This vulnerability can be exploited by a malicious actor with access to a virtual machine or remote desktop, potentially leading to information disclosure from the TPView process.
Recommendations
For VMware Workstation versions 16.x prior to 16.1.2, update to version 16.1.2 or later.
For Horizon Client for Windows versions 5.x prior to 5.5.2, update to version 5.5.2 or later.
As a temporary workaround, consider restricting access to the Cortado ThinPrint component until a patch is applied.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cortado Thinprint
Horizon Client For Windows
Vmware Workstation