CVE-2021-29098

VULNERABILITY SUMMARY: CVE-2021-29098 affects Esri ArcReader and related Esri products (ArcReader, ArcGIS Desktop/Engine 10.8.1 and earlier, ArcGIS Pro 2.7 and earlier). Root cause: parsing of PMF files yields an uninitialized pointer access, enabling arbitrary code execution in the context of th...

CVE-2021-29097

CVE-2021-29097 corresponds to Esri ArcReader/ArcGIS PMF file parsing vulnerabilities that allow remote code execution via buffer overflow in the PMF parsing logic. The connected ZDI advisories describe heap- and stack-based buffer overflow variants (PMF parsing) that enable code execution in the ...

CVE-2021-29118

CVE-2021-29118 — Esri ArcReader PMF parsing out-of-bounds read affects ArcReader 10.8.1 and earlier. The flaw is triggered while parsing PMF files, causing an information disclosure in the context of the current user. Some sources describe remote exploitation with user interaction required; other...

CVE-2021-29117

Esri ArcReader vulnerable in 10.8.1 and earlier due to a use-after-free in PMF file parsing, permitting arbitrary code execution in the user’s context. Exploitation requires the user to handle a crafted PMF (remote code execution possible, with user interaction). Affected versions are 10.8.1 and ...

CVE-2021-29112

CVE-2021-29112 affects Esri ArcReader 10.8.1 and earlier. The vulnerability is an out-of-bounds read during PMF file parsing that can disclose information to an unauthenticated attacker, under the context of the current user. Exploitation requires user interaction (per sources), and the issue is ...

CVE-2021-29096

The CVE-2021-29096 issue affects Esri ArcReader, ArcGIS Desktop/Engine (10.8.1 and earlier) and ArcGIS Pro (2.7 and earlier). It is a use-after-free in PMF file parsing that allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. In the described...