Описание
Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.
Ссылки
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2021.1.0.27 (включая)
cpe:2.3:a:altair:hyperview_player:*:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00068
Низкий
7.8 High
CVSS3
Дефекты
CWE-908
Связанные уязвимости
CVSS3: 7.8
github
около 3 лет назад
Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.
EPSS
Процентиль: 21%
0.00068
Низкий
7.8 High
CVSS3
Дефекты
CWE-908