VMSA-2021-0009
1. Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Horizon Client for Windows
2. Introduction
Multiple vulnerabilities in VMware Workstation and Horizon Client for Windows were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in affected VMware products.
3. Multiple out-of-bounds read vulnerabilities via Cortado ThinPrint (CVE-2021-21987, CVE-2021-21988, CVE-2021-21989)
Description
VMware Workstation and Horizon Client for Windows contain multiple out-of-bounds read vulnerabilities in the Cortado ThinPrint component. These issues exist in the TTC and JPEG2000 parsers. VMware has evaluated the severity of these issues to be in the low severity range with a CVSSv3 base score of 3.2.
Known Attack Vectors
A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues, leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
https://www.vmware.com/security/advisories/VMSA-2021-0009.html