CVE-2021-38405 Vulnerability Details

  /     /     /  

CVE-2021-38405 Metadata Quick Info

CVE Published: 21/11/2023 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: icscert | Vendor: Siemens | Product: JT2Go
Status : PUBLISHED

---

CVE-2021-38405 Description

The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Metrics

CVSS Version: 3.1 | Base Score: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-119
CWE Name: CWE-119
Source: Siemens

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).