Advisory Details Title: Vector 35 Binary Ninja BNDB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ID: ZDI-21-678, ZDI-CAN-13668 CVE ID: CVE-2021-31515 CVSS Score: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Affected Vendor: Vector 35 Affected Product: Binary Ninja Vulnerability Details: Allows remote attackers to execute arbitrary code on affected installations. Flaw exists in parsing of BNDB files due to lack of proper validation of user-supplied data. Can result in a read past the end of an allocated data structure. Requires user interaction (visiting a malicious page or opening a malicious file). Additional Details: Vector 35 has issued an update to correct this vulnerability. More details can be found at: Link Disclosure Timeline: 2021-04-27: Vulnerability reported to vendor 2021-06-10: Coordinated public release 2021-06-29: Advisory Updated Credit: Mat Powell of Trend Micro Zero Day Initiative Date: June 10th, 2021