CVE-2021-26623

Summary

A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.

Affected Software

VendorProductVersion RangeStatus
Bandisoft International Inc.Bandizipunspecified <= 7.19affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read
  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

References