CVE-2021-21832
Description
A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Daemon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Daemon Tools Pro 8.3.0.0767 ISO parsing leads to heap buffer overflow via a malformed ISO file.
Vulnerability
A memory corruption vulnerability exists in the ISO parsing functionality of Disc Soft Ltd Daemon Tools Pro version 8.3.0.0767 [1]. The bug is an integer overflow (CWE-680) during a memory allocation operation. When parsing a specially crafted ISO file, the software reads the size field from an ISO directory record and multiplies it by 16 (via a left shift) using a 32-bit register. An attacker can supply a large value that causes an integer overflow, resulting in a malloc of size 0 or a very small buffer [1]. Subsequently, the data from the ISO file is written to this undersized buffer, leading to an out-of-bounds write on the heap [1].
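The size calculation described above, next to a checked form, as an added example that is not Daemon Tools code or code from the Talos report. The function names, the in-memory image and the sample field values are hypothetical and constructed for illustration; only the multiply-by-16 shift in 32-bit arithmetic comes from the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENTRY_SHIFT 4u /* size field is multiplied by 16, as described above */

/* Unchecked pattern: the shift is done in 32 bits, so high bits are lost. */
static uint32_t alloc_size_unchecked(uint32_t size_field) {
    return size_field << ENTRY_SHIFT;
}

/* Checked form: widen before shifting, then bound by the bytes that are
 * actually left in the image. Returns 0 and sets *out on success, -1 otherwise. */
static int alloc_size_checked(uint32_t size_field, size_t remaining, size_t *out) {
    uint64_t need = (uint64_t)size_field << ENTRY_SHIFT; /* max < 2^36, cannot wrap */
    if (need == 0 || need > remaining)
        return -1;
    *out = (size_t)need;
    return 0;
}

/* Hardened copy of the record data out of an in-memory image (hypothetical
 * helper). Returns a malloc'd buffer the caller frees, or NULL on rejection. */
static uint8_t *read_record_data(const uint8_t *img, size_t img_len,
                                 size_t off, uint32_t size_field, size_t *len) {
    if (off > img_len || alloc_size_checked(size_field, img_len - off, len) != 0)
        return NULL;
    uint8_t *buf = malloc(*len);
    if (buf != NULL)
        memcpy(buf, img + off, *len); /* *len <= img_len - off, and == allocation */
    return buf;
}

int main(void) {
    static const uint8_t img[64] = {0}; /* constructed 64-byte stand-in image */
    const uint32_t fields[] = {2u, 0x10000000u, 0x10000001u}; /* constructed */
    for (size_t i = 0; i < 3; i++) {
        size_t len = 0;
        uint8_t *p = read_record_data(img, sizeof img, 0, fields[i], &len);
        printf("field=0x%08x unchecked=%u checked=%s\n", (unsigned)fields[i],
               (unsigned)alloc_size_unchecked(fields[i]), p ? "accepted" : "rejected");
        free(p);
    }
    return 0;
}
```

The two large field values wrap to 0 and 16 bytes in the unchecked calculation, which is the undersized-allocation condition the description refers to; the checked path rejects both because the widened size exceeds the bytes present in the image.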
Exploitation
An attacker can exploit this vulnerability by providing a malicious ISO file to the user. No authentication or special network position is required beyond the ability to deliver the file (e.g., via email, download, or physical media). The user must open the file with Daemon Tools Pro, which triggers the vulnerable code path [1]. The integer overflow occurs during parsing of the directory record size, and the subsequent memory copy operation writes controlled data beyond the allocated heap buffer [1].
Impact
Successful exploitation results in heap memory corruption, which can lead to arbitrary code execution in the context of the Daemon Tools Pro process [1]. The CVSSv3 score is 8.1 (High), with impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) [1]. An attacker could achieve a full compromise of the affected system, depending on the process privileges.
Mitigation
As of the publication date (2021-08-17), no official fix or updated version has been released by Disc Soft Ltd [1]. Users are advised to exercise caution when opening ISO files from untrusted sources until a patch is available. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the latest update.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Disc Soft Ltd/Daemon Tools Pro
- Range: = 8.3.0.0767
Patches
No patches discovered yet.
References
- [1] talosintelligence.com/vulnerability_reports/TALOS-2021-1295 (mitre, x_refsource_MISC)