VYPR
Unrated severity · NVD Advisory · Published Jun 29, 2021 · Updated Oct 21, 2024

CVE-2021-31514

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13679.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds write in OpenText Brava! Desktop CGM parsing allows remote code execution with user interaction.

Vulnerability

The vulnerability exists in OpenText Brava! Desktop Build 16.6.4.55 within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can lead to a write past the end of an allocated buffer. This allows remote code execution in the context of the current process. [1]

Exploitation

An attacker must convince a user to visit a malicious webpage or open a malicious CGM file. No authentication is required, but user interaction is necessary. The exploit triggers the out-of-bounds write during parsing of the crafted file. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the current process. This can lead to full compromise of the affected system, including data disclosure, modification, or denial of service. [1]

Mitigation

No fix has been released by the vendor as of the publication date. Users should avoid opening untrusted CGM files or visiting untrusted pages in Brava! Desktop. Monitor vendor updates for a patch. [1]

References
  1. ZDI-21-692

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Range: = Build 16.6.4.55
  • OpenText/Brava! Desktopv5
    Range: Build 16.6.4.55

Patches

0

No patches discovered yet.
