CVE-2021-34919: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2021-34919) was discovered in Bentley View version 10.15.0.75. The vulnerability exists within the parsing of JP2 files and results from the lack of validating the existence of an object prior to performing operations on the object (NVD, ZDI Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the parsing of JP2 files, where the application fails to validate the existence of an object before performing operations on it. This vulnerability is classified as CWE-416 (Use After Free) (NVD).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. The vulnerability affects confidentiality, integrity, and availability of the system with high severity (ZDI Advisory).

Bentley has released version 10.16.02.* to address this vulnerability. Users are recommended to update to the latest version of the software. As a general best practice, it is also recommended to only open JP2 files coming from trusted sources (Bentley Advisory).