GCVE - cpe:2.3:a:esri:arcmap:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:esri:arcmap:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Esri (`7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82`)
Product	Arcmap (`074e5231-5a97-5ea9-894f-b14389fa27af`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-29098`	vulnerable	2026-06-03 14:44:19.642178	ArcGIS general raster security update: uninitialized pointer HIGH (7.8) Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Published: 2021-03-25T20:37:05.516Z Updated: 2025-04-10T15:22:04.460Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster/ https://www.zerodayinitiative.com/advisories/ZDI-21-361/ https://www.zerodayinitiative.com/advisories/ZDI-21-362/ https://www.zerodayinitiative.com/advisories/ZDI-21-372/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-29097`	vulnerable	2026-06-03 14:44:19.641397	ArcGIS general raster security update: buffer overflow HIGH (7.8) Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Published: 2021-03-25T20:36:03.915Z Updated: 2024-09-17T03:17:27.744Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster/ https://www.zerodayinitiative.com/advisories/ZDI-21-367/ https://www.zerodayinitiative.com/advisories/ZDI-21-371/ https://www.zerodayinitiative.com/advisories/ZDI-21-364/ https://www.zerodayinitiative.com/advisories/ZDI-21-363/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-29096`	vulnerable	2026-06-03 14:44:19.640632	ArcGIS general raster security update: use-after-free HIGH (7.8) A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Published: 2021-03-25T18:37:37.051Z Updated: 2024-09-17T03:42:41.962Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster/ https://www.zerodayinitiative.com/advisories/ZDI-21-370/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1661`	vulnerable	2026-06-03 14:31:43.925872	Details available ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file. Published: 2012-07-12T21:00:00.000Z Updated: 2024-09-16T23:46:27.819Z Open on db.gcve.eu Reference links http://www.exploit-db.com/exploits/19138 http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/ http://www.securitytracker.com/id?1027170 http://www.osvdb.org/82986	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.