CVE-2021-21871: PowerISO DMG File Format Handler memory corruption vulnerability
PowerISO is a powerful CD/DVD/BD image file processing tool, which allows to open, extract, burn, create, edit, compress, encrypt, split and convert ISO files, and mount ISO files with an internal virtual drive. Recent versions provide support for Apple Disk Image file format (also known as DMG – file extension).
On June 28, 2021, Cisco Talos issued a risk notice for the PowerISO out-of-bounds write vulnerability. The vulnerability number is CVE-2021-21871 with the CVSSv3 Score of 8.8.
Vulnerability Detail
PowerISO has a memory out-of-bounds write vulnerability when processing image files in DMG format. By constructing a special DMG image file, the attacker can trick the user into using the software to open it, and then control the user’s computer
Affected version
- PowerISO 7.9
Solution
In this regard, we recommend that users upgrade PowerISO to the latest version in time.
