The vulnerabilities of the libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, and Jt3dReadPsr—programming environments for rendering 3D models by Luxion KeyShot—allow attackers to execute arbitrary code.

The vulnerability of the Luxion KeyShot 3D-modeling software libraries—CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, and Jt3dReadPsr—is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code...

CVE-2021-27490

Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code...

CVE-2021-27492

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of...

Default credentials

Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An...

Code injection

Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An...

CVE-2021-27490

Datakit CrossCADWare libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr embedded in Luxion KeyShot (versions ≤ 10.1) are affected by CVE-2021-27490 due to an out-of-bounds read when parsing CATPart data, potentially allowing code execution in the affected process. Red ...

CVE-2021-27492

The CVE-2021-27492 entry concerns Datakit CrossCADWare libraries (CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr) embedded in Luxion KeyShot v10.1 and earlier. The connected Red Hat, ZDI, and ICS/CERT records confirm a concrete XXE-style vulnerability: when opening a special...

CVE-2021-27492

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of...