Low

VMSA-2021-0009
3.2
2021-05-20
2021-05-20 (Initial Advisory)
CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
VMware Workstation and Horizon Client for Windows updates address multiple security vulnerabilities (CVE-2021-21987, CVE-2021-21988, CVE-2021-21989)

Share this page on social media

Sign up for Security Advisories

1. Impacted Products
  • VMware Workstation Pro / Player (Workstation)
  • VMware Horizon Client for Windows
2. Introduction

Multiple vulnerabilities in VMware Workstation and Horizon Client for Windows were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in affected VMware products.

3. Multiple out-of-bounds read vulnerabilities via Cortado ThinPrint (CVE-2021-21987, CVE-2021-21988, CVE-2021-21989)

Description

VMware Workstation and Horizon Client for Windows contain multiple out-of-bounds read vulnerabilities in the Cortado ThinPrint component. These issues exist in the TTC and JPEG2000 parsers. VMware has evaluated the severity of these issues to be in the low severity range with a CVSSv3 base score of 3.2.

Known Attack Vectors

A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Resolution

To remediate CVE-2021-21987 (TTC parser), CVE-2021-21988 (JPEG2000 parser) and CVE-2021-21989 (TTC parser) apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client for Windows.

Acknowledgements

VMware would like to thank Anonymous working with Trend Micro's Zero Day Initiative for reporting these issues (CVE-2021-21987, CVE-2021-21988 and CVE-2021-21989) and Hou JingYi (@hjy79425575) of Qihoo 360 for reporting CVE-2021-21987 to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
Horizon Client for Windows
5.x and prior
Windows
CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
low
5.5.2
None
None
Workstation
16.x
Any
CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
low
16.1.2
None
None
4. References
5. Change Log

2021-05-20 VMSA-2021-0009
Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce 

 

This Security Advisory is posted to the following lists:  

security-announce@lists.vmware.com  

bugtraq@securityfocus.com  

fulldisclosure@seclists.org 

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055 

 

VMware Security Advisories

https://www.vmware.com/security/advisories 

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html 

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html 

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security 

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2021 VMware Inc. All rights reserved.