The vulnerability of the vector graphics editor CorelDRAW Graphics Suite (formerly CorelDRAW) lies in insufficient checking of the length of user data before it is copied to the stack-based buffer. This allows attackers to execute arbitrary code.

🗓️ 14 Nov 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

CorelDRAW Graphics Suite flaw in CGM parsing allows code execution via crafted web page or file.

Reporter	Title	Published	Views	Family All 11
CNNVD	Corel CorelDRAW Graphics Suite 安全漏洞	29 Mar 202300:00	–	cnnvd
CNVD	Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29425)	31 Oct 202200:00	–	cnvd
CVE	CVE-2022-43613	29 Mar 202300:00	–	cve
Cvelist	CVE-2022-43613	29 Mar 202300:00	–	cvelist
EUVD	EUVD-2022-46609	3 Oct 202520:07	–	euvd
NVD	CVE-2022-43613	29 Mar 202319:15	–	nvd
Prion	Stack overflow	29 Mar 202319:15	–	prion
Positive Technologies	PT-2022-5417 · Corel · Coreldraw Graphics Suite	26 Jan 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-43613	6 Feb 202501:53	–	redhatcve
Vulnrichment	CVE-2022-43613	29 Mar 202300:00	–	vulnrichment

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-16356
vuldb	www.vuldb.com/ru/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-22-1471/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-16356/

14 Nov 2022 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 27.2

CVSS 37.8

EPSS0.00926

corelDRAW graphics suite vector graphics parsing buffer overflow arbitrary code execution