Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability [CVE-2021-21832]

CVE number = CVE-2021-21832

A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

DAEMON Tools Pro is a powerful and professional emulation software to work with disc images and virtual drives. It allows mounting of ISO images on Windows systems.

When parsing a specifically crafted ISO file it is possible to cause a memory corruption. This is due to an integer overflow during a malloc operation.

Tested Versions

Disc Soft Ltd Daemon Tools Pro 8.3.0.0767

Please check the supplier website for any available updates – https://www.daemon-tools.cc/

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: