arcreader use-after-free
CVE-2021-29117

7.8HIGH

Key Information:

Vendor

Esri

Status
Arcreader
Vendor
CVE Published:
12 August 2022

What is CVE-2021-29117?

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

Affected Version(s)

ArcReader x86 Windows All < 10.8.2

References

https://www.esri.com/arcgis-blog/products/arcgis-desktop/...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-29117 : arcreader use-after-free