CVE-2021-34292

HIGH Year: 2021
CVSS v3 Score
7.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-125
View all →

Vulnerability Description

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959)

Related Vulnerabilities

CVE-1999-0022

HIGH
CVSS:7.8(High)

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

CWE-1251999

CVE-2014-7825

HIGH
CVSS:7.8(High)

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of servic...

CWE-1252014

CVE-2015-2325

HIGH
CVSS:7.8(High)

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unsp...

CWE-1252015

CVE-2016-10244

HIGH
CVSS:7.8(High)

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buff...

CWE-1252016

CVE-2016-10269

HIGH
CVSS:7.8(High)

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer ...

CWE-1252016

CVE-2016-10270

HIGH
CVSS:7.8(High)

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and lib...

CWE-1252016