CVE-2021-21988

Published: May 24, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Vendor	Product	Versions
n/a	VMware Workstation Pro / Player (Workstation), VMware Horizon Client for Windows	affected `VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2)`

References

https://www.vmware.com/security/advisories/VMSA-2021-0009.html

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-609/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-21988

Description

Affected Products

References