![]() ![]() An attacker could leverage this vulnerability to execute code in the context of the current process.ĬVE-2021-27496 has been assigned to this vulnerability. This could lead to pointer dereferences of a value obtained from an untrusted source. ![]() 3.2.4 UNTRUSTED POINTER DEREFERENCE CWE-822Īffected applications lack proper validation of user-supplied data when parsing PRT files. A CVSS v3 base score of 7.8 has been calculated the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). An attacker could leverage this vulnerability to execute code in the context of the current process.ĬVE-2021-27494 has been assigned to this vulnerability. This could result in a stack-based buffer overflow. 3.2.3 STACK-BASED BUFFER OVERFLOW CWE-121Īffected applications lack proper validation of user-supplied data when parsing STP files. A CVSS v3 base score of 5.5 has been calculated the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD.ĬVE-2021-27492 has been assigned to this vulnerability. When opening a specially crafted 3DXML file, the application could disclose arbitrary files to remote attackers. 3.2.2 IMPROPER RESTRICTIONS ON XML EXTERNAL ENTITY REFERENCE CWE-611 An attacker could leverage this vulnerability to execute code in the context of the current process.ĬVE-2021-27488 has been assigned to this vulnerability. This could result in an out-of-bounds write past the end of an allocated structure. The following versions of Luxion software, 3D rendering and animation software, are bundled with the affected Datakit libraries:ģ.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787Īffected applications lack proper validation of user-supplied data when parsing CATPart files. The following modules of Datakit CrossCADWare, Versions 2021.1 and earlier, a library embedded in end-user applications, are affected: Successful exploitation of these vulnerabilities could lead to execution of arbitrary code and disclosure of arbitrary files to unauthorized actors. Vulnerabilities: Out-of-bounds Write, Exposure of Sensitive Information to an Unauthorized Actor, Stack-Based buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Read.Equipment: Software libraries embedded in Luxion KeyShot software. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |