Page 14 of 127 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-21493 – SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-21493

When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos de formato Graphics Interchange Format (.GIF) manipulados recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer versión 9, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3027758 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://www.zerodayinitiative.com/advisories/ZDI-21-289 https://www.zerodayinitiative.com/advisories/ZDI-21-290 https://www.zerodayinitiative.com/advisories/ZDI-21-291 https://www.zerodayinitiative.com/advisories/ZDI-21-293 https://www.zerodayinitiative.com/advisories/ZDI-21-295 https://www.zerodayinitiative.com/advisories/ZDI-21-296 https://www.zerodayinitiative.com/advisories •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-21464

https://notcve.org/view.php?id=CVE-2021-21464

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. SAP 3D Visual Enterprise Viewer, versión - 9, permite a un usuario abrir un archivo PCX manipulado recibido de fuentes no confiables, lo cual resulta en un bloqueo de la aplicación y que no esté disponible temporalmente hasta que el usuario reinicie la aplicación, esto es causado debido a una Comprobación de Entrada Inapropiada • https://launchpad.support.sap.com/#/notes/3002617 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-21453 – SAP 3D Visual Enterprise Viewer RLE File Parsing Memory Corruption Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-21453

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. SAP 3D Visual Enterprise Viewer, versión - 9, permite a un usuario abrir un archivo RLE manipulado recibido de fuentes no confiables, lo cual resulta en un bloqueo de la aplicación y que no esté disponible temporalmente hasta que el usuario reinicie la aplicación, esto es causado debido a una Comprobación de Entrada Inapropiada This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RLE files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3002617 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-21458 – SAP 3D Visual Enterprise Viewer IFF File Parsing Memory Corruption Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-21458

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. SAP 3D Visual Enterprise Viewer, versión - 9, permite a un usuario abrir un archivo IFF manipulado recibido de fuentes no confiables, lo cual resulta en un bloqueo de la aplicación y que no esté disponible temporalmente hasta que el usuario reinicie la aplicación, esto es causado debido a una Comprobación de Entrada Inapropiada This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3002617 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-21461 – SAP 3D Visual Enterprise Viewer BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-21461

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. SAP 3D Visual Enterprise Viewer, versión - 9, permite a un usuario abrir un archivo BMP manipulado recibido de fuentes no confiables, lo cual resulta en un bloqueo de la aplicación y que no esté disponible temporalmente hasta que el usuario reinicie la aplicación, esto es causado debido a una Comprobación de Entrada Inapropiada This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3002617 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 • CWE-787: Out-of-bounds Write •