
Security Advisory

CVE-2021-26603 | bandisoft ARK library heap overflow vulnerability
2021.09.08
□ Overview
 o bandisoft Co., Ltd. released a security update to address a heap overflow vulnerability in the ARK library.
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Heap based buffer overflow | arbitrary code execution | High | 8.6 | CVE-2021-26603 |

□ Description
 o A heap overflow issue was found in the ARK library of bandisoft Co., Ltd. It occurs when the Ark_DigPathA function parses a file path. (CVE-2021-26603)
 o This vulnerability is due to a missing string length check.


□ Affected Product
| Product | Version | Platform |
|---|---|---|
| ARK library | prior to 7.13.0.3 version | Windows |

□ Solution
 o Update the software to version 7.16.0.1 or higher.
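
 o Added example (not part of the original advisory and not bandisoft code): a triage helper that classifies ARK library version strings against the two version numbers stated above. Versions from 7.13.0.3 up to, but not including, 7.16.0.1 are reported as "unspecified" because the advisory makes no statement about them. The host names and inventory values are constructed, and how the version string is collected from each host is left as an assumption.

```python
# Added example: thresholds are the two version numbers stated in this advisory.
AFFECTED_BELOW = (7, 13, 0, 3)   # "prior to 7.13.0.3" (Affected Product)
FIXED_FROM = (7, 16, 0, 1)       # "7.16.0.1 or higher" (Solution)


def parse_version(text):
    """Parse a dotted version such as '7.13.0.3' into a 4-tuple of ints.

    Short versions are zero-padded ('7.16' -> (7, 16, 0, 0)); anything that is
    not one to four numeric fields raises ValueError.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts) + (0,) * (4 - len(parts))


def classify(version_text):
    """Return 'affected', 'fixed', 'unspecified' or 'unparsable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparsable"
    if version < AFFECTED_BELOW:
        return "affected"
    if version >= FIXED_FROM:
        return "fixed"
    # The advisory makes no statement about versions in this range.
    return "unspecified"


def triage(inventory):
    """Map each (host, version) pair to its status; keeps every host visible."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [
    ("ws-01", "7.12.0.9"),
    ("ws-02", "7.13.0.3"),
    ("ws-03", "7.16.0.1"),
    ("ws-04", "7.9"),
    ("ws-05", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing numeric tuples rather than strings is what makes "7.9" sort below "7.13.0.3"; hosts reported as "unparsable" or "unspecified" need manual follow-up rather than being counted as safe.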

□ Reference
 [1] https://kr.bandisoft.com/ark/

□ Etc
 o Thanks to Jaeyoung Jeong for reporting this vulnerability.


□ Written by: Vulnerability Analysis Team, Incident Analysis Division