
Security Advisory

CVE-2021-26603 | Bandisoft ARK library heap overflow vulnerability
2021.09.08
□ Overview
 o Bandisoft Co., Ltd. released a security update to address a heap overflow vulnerability in the ARK library.
Vulnerability
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Heap-based buffer overflow | Arbitrary code execution | High | 8.6 | CVE-2021-26603

□ Description
 o A heap overflow issue was found in the ARK library of Bandisoft Co., Ltd. when the Ark_DigPathA function parses a file path. (CVE-2021-26603)
 o This vulnerability is due to a missing length check.


□ Affected Product
Affected Product
Product | Version | Platform
ARK library | prior to 7.13.0.3 | Windows

□ Solution
 o Update the software to version 7.16.0.1 or higher.

□ Reference
 [1] https://kr.bandisoft.com/ark/

□ Etc
 o Thanks to Jaeyoung Jeong for reporting this vulnerability.


□ Written by: Vulnerability Analysis Team, Incident Analysis Division