CVE-2021-21988

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Published: May 24, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21988
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
vmware / workstation	16.0.0	16.1.2
vmware / horizon_client	5.0.0	5.5.2

https://www.vmware.com/security/advisories/VMSA-2021-0009.html
https://www.zerodayinitiative.com/advisories/ZDI-21-609/

Vulnerability Database

289,599

CVE-2021-21988