CVE-2021-21871: PowerISO DMG File Format Handler memory corruption vulnerability

PowerISO is a powerful CD/DVD/BD image file processing tool that lets users open, extract, burn, create, edit, compress, encrypt, split and convert ISO files, and mount ISO files with an internal virtual drive. Recent versions support the Apple Disk Image file format (also known as DMG, its file extension).

On June 28, 2021, Cisco Talos issued a risk notice for the PowerISO out-of-bounds write vulnerability. The vulnerability is tracked as CVE-2021-21871 and has a CVSSv3 score of 8.8.

Vulnerability Detail

PowerISO has an out-of-bounds memory write vulnerability when processing image files in DMG format. An attacker can construct a special DMG image file, trick the user into opening it with the software, and then control the user’s computer.

Affected version

  • PowerISO 7.9

Solution

We recommend that users upgrade PowerISO to the latest version promptly.