CVE-2021-29094
ArcGIS Server image service and raster analytics security update: buffer overflow
In short
A buffer overflow vulnerability in ArcGIS Server allows an authenticated attacker with special permissions to crash the service or run malicious code by uploading a specially crafted file.
Technical detail
Multiple buffer overflow vulnerabilities exist in ArcGIS Server 10.8.1 and earlier when parsing specially crafted files in image services and raster analytics. An authenticated attacker with specialized permissions can trigger memory corruption leading to arbitrary code execution within the service account context.
Summary generated and translated by AI from the official description.
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Affected products
Esri · ArcGIS ServerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →