Lucene search

CVE-2021-29097

🗓️ 25 Mar 2021 21:13:15Reported by EsriType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 47 Views

CVE-2021-29097 Multiple buffer overflow vulnerabilities in Esri product

Reporter	Title	Published	Views	Family All 13
Zero Day Initiative	Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability	30 Mar 202100:00	–	zdi
Zero Day Initiative	Esri ArcReader PMF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability	30 Mar 202100:00	–	zdi
Zero Day Initiative	Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability	30 Mar 202100:00	–	zdi
Zero Day Initiative	Esri ArcReader PMF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability	30 Mar 202100:00	–	zdi
Zero Day Initiative	Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability	30 Mar 202100:00	–	zdi
Zero Day Initiative	Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability	30 Mar 202100:00	–	zdi
Zero Day Initiative	Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability	30 Mar 202100:00	–	zdi
Zero Day Initiative	Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability	30 Mar 202100:00	–	zdi
Zero Day Initiative	Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability	30 Mar 202100:00	–	zdi
Prion	Buffer overflow	25 Mar 202121:15	–	prion

Nvd

Node

esri arcgis_engineRange≤10.8.1

esri arcgis_proRange≤2.7

esri arcmapRange≤10.8.1

esri arcreaderRange≤10.8.1

[
  {
    "platforms": [
      "x86"
    ],
    "product": "ArcReader",
    "vendor": "Esri",
    "versions": [
      {
        "lessThan": "10.9.0",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "x86"
    ],
    "product": "ArcGIS Desktop",
    "vendor": "Esri",
    "versions": [
      {
        "lessThan": "10.9.0",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "x64"
    ],
    "product": "ArcGIS Engine",
    "vendor": "Esri",
    "versions": [
      {
        "lessThan": "10.9.0",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "x86"
    ],
    "product": "ArcGIS Engine",
    "vendor": "Esri",
    "versions": [
      {
        "lessThan": "10.9.0",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "x64"
    ],
    "product": "ArcGIS Pro",
    "vendor": "Esri",
    "versions": [
      {
        "lessThan": "4.7.2",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "x86"
    ],
    "product": "ArcGIS Desktop Background Geoprocessing",
    "vendor": "Esri",
    "versions": [
      {
        "lessThan": "10.9",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "x64"
    ],
    "product": "ArcGIS Desktop Background Geoprocessing",
    "vendor": "Esri",
    "versions": [
      {
        "lessThan": "10.9",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-365/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-369/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-363/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-368/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-360/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-364/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-367/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-371/
esri	www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Mar 2021 21:15Current

8High risk

Vulners AI Score8

CVSS26.8

CVSS37.8

EPSS0.00448

cve-2021-29097 buffer overflow esri arcreader arcgis desktop arcgis engine arcgis pro nvd security vulnerability