CVE-2021-38101

Name of the Vulnerable Software and Affected Versions Corel PhotoPaint Standard version 22.0.0.474

Description The issue is related to an out-of-bounds read in the CDRRip.dll library, which can be exploited by a remote attacker to execute arbitrary code in the context of the current user. This can be achieved by using a specially crafted CPT file. The exploitation requires user interaction, as the victim must open the malicious file.

Recommendations For Corel PhotoPaint Standard version 22.0.0.474, consider avoiding the use of the CDRRip.dll library until a patch is available. As a temporary workaround, refrain from opening untrusted CPT files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.