CVE-2021-43086

Name of the Vulnerable Software and Affected Versions ARM astcenc version 3.2.0

Description The issue is related to a Buffer Overflow vulnerability. When the compression function of the astc-encoder project is used with the -cl option, a stack-buffer-overflow occurs in the encode ise() function, which is called by the compress symbolic block for partition 2planes() function in the "/Source/astcenc compress symbolic.cpp" file.

Recommendations For ARM astcenc version 3.2.0, consider disabling the encode ise() function or restricting the use of the compression function with the -cl option until a patch is available. Additionally, avoid using the affected astc-encoder project with the -cl option to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.