PT-2022-10716 · Siemens+1 · Siemens Jt2Go+1

Mat Powell · Published 2022-02-15 · Updated 2023-11-30 · CVE-2021-38405

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Datalogics APDFL library (affected versions not specified)
Siemens JT2Go (affected versions not specified)

Description

The issue is a memory corruption condition that occurs while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. An out-of-bounds write that could lead to remote code execution and an out-of-bounds read that could result in information disclosure are also mentioned.

Recommendations

For the Datalogics APDFL library, consider disabling the PDF parsing functionality until a patch is available. For Siemens JT2Go, restrict access to PDF file parsing to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2021-38405
ZDI-22-336
ZDI-22-337
ZDI-22-339

Affected Products

Datalogics Apdfl Library
Siemens Jt2Go