Lucene search
MitreCVELIST:CVE-2023-40238HistoryDec 07, 2023 - 12:00 a.m.
CVE-2023-40238
2023-12-0700:00:00
mitre
www.cve.org
cve-2023-40238
image parsing
crafted bmp logo
uefi execution
integer signedness error
pixelheight
pixelwidth
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.
Related
prion
prion
Integer overflow
2023-12-07 04:15:00
cve
cve
CVE-2023-40238
2023-12-07 04:15:06
nvd
nvd
CVE-2023-40238
2023-12-07 04:15:06
cert
cert
Image files in UEFI can be abused to modify boot behavior
2023-12-06 00:00:00
hp
hp
Certain HP PC BIOS Logo Vulnerabilities
2024-06-28 00:00:00