VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 29, 2021· Updated Nov 19, 2024

CVE-2021-31512

CVE-2021-31512

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13677.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

OpenText Brava! Desktop Build 16.6.4.55 has an out-of-bounds read in TIF parsing that allows remote code execution via user opening a malicious file.

Vulnerability

The vulnerability exists in OpenText Brava! Desktop Build 16.6.4.55 within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to execute code in the context of the current process.

Exploitation

To exploit this vulnerability, an attacker must persuade a user to visit a malicious page or open a malicious TIF file. No special privileges or network position are required other than standard user interaction.

Impact

Successful exploitation grants the attacker arbitrary code execution in the context of the current process, leading to full compromise of confidentiality, integrity, and availability.

Mitigation

No official fix has been released as of the advisory date [1]. Users should exercise caution when opening TIF files from untrusted sources and consider using sandboxing or restricting use of the affected software until a patch is available.

References
  1. ZDI-21-690

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Brave/Brave desktopllm-fuzzy
    Range: = 16.6.4.55
  • OpenText/Brava! Desktopv5
    Range: Build 16.6.4.55

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.