CVE-2021-29097
Published: Mar 25, 2021
Modified: Sep 17, 2024
CVSS v3.0
7.8
Description
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
| Vendor | Product | Versions |
|---|---|---|
Esri | ArcReader | affected All - < 10.9.0 |
Esri | ArcGIS Desktop | affected All - < 10.9.0 |
Esri | ArcGIS Engine | affected All - < 10.9.0 |
Esri | ArcGIS Engine | affected All - < 10.9.0 |
Esri | ArcGIS Pro | affected All - < 4.7.2 |
Esri | ArcGIS Desktop Background Geoprocessing | affected All - < 10.9 |
Esri | ArcGIS Desktop Background Geoprocessing | affected All - < 10.9 |
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now