Headline
CVE-2021-26615: KISA 인터넷 보호나라&KrCERT
The ARK library allows attackers to execute remote code via the parameter (path value) of the Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
Security Advisory
CVE-2021-26615 | bandisoft ARK Library integer overflow vulnerability
2021.11.25
□ Overview
o bandisoft Co., Ltd released a security update to address an integer overflow vulnerability in the ARK library (decompression module).
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
integer overflow | remote code execution | High | 7.8 | CVE-2021-26615
□ Description
o The ARK library allows attackers to execute remote code via the parameter (path value) of the Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
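The bug class named in the description, shown as an added illustration in C. This is not ARK library code (the advisory publishes none); the function names, the 32-bit length type and the `max_chars` cap are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Illustration only: names, the 32-bit length type and max_chars are assumptions. */

/* Unchecked pattern: byte count for (len + 1) wide chars kept in 32 bits.
   Both the "+ 1" and the multiply wrap modulo 2^32, yielding a tiny buffer. */
static uint32_t alloc_size_unchecked(uint32_t len, uint32_t elem) {
    return (len + 1u) * elem;
}

/* Checked pattern: fail instead of wrapping. Returns 0 on success, -1 on overflow. */
static int alloc_size_checked(size_t len, size_t elem, size_t *out) {
    if (elem == 0 || len > SIZE_MAX / elem - 1)
        return -1;
    *out = (len + 1) * elem;
    return 0;
}

/* Hardened duplicate of a wide path: bounded length scan, checked size, then copy. */
static wchar_t *dup_path_checked(const wchar_t *path, size_t max_chars) {
    size_t len, bytes;
    wchar_t *copy;
    if (path == NULL)
        return NULL;
    for (len = 0; path[len] != L'\0'; len++)
        if (len >= max_chars)
            return NULL;                 /* longer than policy allows */
    if (alloc_size_checked(len, sizeof(wchar_t), &bytes) != 0)
        return NULL;
    copy = malloc(bytes);
    if (copy != NULL)
        memcpy(copy, path, bytes);       /* bytes includes the terminator */
    return copy;
}

int main(void) {
    wchar_t *p = dup_path_checked(L"dir/../file.txt", 4096);
    printf("unchecked bytes for len=0x7FFFFFFF, elem=2: %u\n",
           (unsigned)alloc_size_unchecked(0x7FFFFFFFu, 2u));
    printf("checked dup: %s\n", p ? "ok" : "rejected");
    free(p);
    return 0;
}
```

A wrapped size of 0 followed by a copy of the full path is what turns the arithmetic error into memory corruption, which is why the check has to happen before the allocation.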
□ Affected Product
Product | Version | Platform
ARK library | 7.13.0.3 | Linux Ubuntu
□ Solution
o Update the software to version 7.16.0.1 or higher.
□ Reference
[1] https://kr.bandisoft.com/ark/
□ Acknowledgements
o Thanks to Jae Young Jeong for reporting this vulnerability.
□ Written by: Security Incident Analysis Division, Vulnerability Analysis Team