ArcGIS general raster security update: buffer overflow
CVE-2021-29097

7.8HIGH

Key Information:

Vendor

Esri

Status
Arcreader
Arcgis Desktop
Arcgis Engine
Arcgis Pro
Vendor
CVE Published:
25 March 2021

What is CVE-2021-29097?

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ArcGIS Desktop Background Geoprocessing x64 All < 10.9

ArcGIS Desktop Background Geoprocessing x86 All < 10.9

ArcGIS Desktop x86 All < 10.9.0

References

https://www.esri.com/arcgis-blog/products/arcgis/administ...
x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-21-367/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-371/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.