PT-2021-4190 · Siemens · Simcenter Star-Ccm+ Viewer

Francis Provencher · Published 2021-06-04 · Updated 2021-09-23 · CVE-2021-25665

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Simcenter STAR-CCM+ Viewer versions prior to V2021.2.1

Description

The issue is a buffer overflow in the parsing of SCE format files, which could allow an attacker to execute arbitrary code or cause a denial of service by using a specially crafted file. The starview+.exe application lacks proper validation of user-supplied data when parsing scene files, resulting in an out-of-bounds write past the end of an allocated structure.

Recommendations

For versions prior to V2021.2.1, update to version V2021.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the starview+.exe application until a patch is applied. Avoid using the application to parse untrusted or unknown SCE format files until the issue is resolved.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2021-04786
CVE-2021-25665
ZDI-21-1074

Affected Products

Simcenter Star-Ccm+ Viewer