Out-of-Bounds Write Vulnerability in KeyShot Versions v10.1 and Prior

Out-of-Bounds Write Vulnerability in KeyShot Versions v10.1 and Prior

CVE-2021-27488 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.

Learn more about our User Device Pen Test.