CVE-2021-29097
EUVD-2021-1573825.03.2021, 21:15
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| esri | arcgis_engine | 𝑥 ≤ 10.8.1 |
| esri | arcgis_pro | 𝑥 ≤ 2.7 |
| esri | arcmap | 𝑥 ≤ 10.8.1 |
| esri | arcreader | 𝑥 ≤ 10.8.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
References