CVE-2021-29095
ArcGIS Server image service and raster analytics security update: uninitialized pointer
In short
ArcGIS Server has a flaw where uninitialized memory pointers are not properly checked when processing specially crafted files. An authenticated attacker with specific permissions can exploit this to run arbitrary code with the service's privileges.
Technical detail
Uninitialized pointer vulnerabilities in ArcGIS Server 10.8.1 and earlier exist in image service and raster analytics components during file parsing. An authenticated attacker with specialized permissions can craft a malicious file to trigger memory corruption, achieving arbitrary code execution in the service account context (CWE-824).
Summary generated and translated by AI from the official description.
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Affected products
Esri · ArcGIS ServerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →