Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: VEX Vulnerability Details - SANS Internet Storm Center VEX Vulnerability Details


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
VEXID-140186
Published 2021-12-14 12:15:00
Last Modified 2021-12-14 19:17:00
AKA CVE-2021-44447
Summary A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911)
CVSS Score 6.8
CVSS
Access Vector Local Adjacent Network
Access Complexity Low Medium High
Authentication None Single Multiple
Confidentiality None Partial Complete
Integrity None Partial Complete
Availability None Partial Complete