Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2022/02/16 12:0 a.m.35 views

KiCad EDA Gerber Viewer gerber and excellon coordinates parsing stack-based buffer overflow vulnerability

Summary Multiple stack-based buffer overflow vulnerabilities exist in the Gerber Viewer gerber and excellon coordinates parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a maliciou...

8.2AI score
Exploits0
Talos
Talos
added 2022/01/18 12:0 a.m.35 views

Advantech DeviceOn/iEdge Server 1.0.2 privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2022/01/18 12:0 a.m.35 views

Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2021/12/06 12:0 a.m.35 views

Gerbv RS-274X format aperture macro variables out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a maliciou...

10CVSS9.6AI score0.03064EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.35 views

Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

9.9CVSS8.6AI score0.03656EPSS
Exploits1
Talos
Talos
added 2021/05/19 12:0 a.m.35 views

Apple macOS SMB server signature verification information disclosure vulnerability

Summary An information disclosure vulnerability exists in the SMB Server Apple macOS 11.1. A specially crafted SMB packet can trigger an integer overflow, leading to information disclosure, cryptographic check bypass and denial of service. This vulnerability can be triggered by sending a maliciou...

6.5CVSS7.7AI score0.01825EPSS
Exploits0
Talos
Talos
added 2021/04/22 12:0 a.m.35 views

Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability

Talos Vulnerability Report TALOS-2021-1239 Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability April 22, 2021 CVE Number CVE-2021-31517 SUMMARY A denial-of-service vulnerability exists in the tdts.ko TRF file-parsing functionality of Trend Micro Inc.’s...

7.8CVSS7AI score0.01097EPSS
Exploits0
Talos
Talos
added 2020/11/05 12:0 a.m.35 views

Adobe Acrobat Reader DC form field format use after free

Talos Vulnerability Report TALOS-2020-1156 Adobe Acrobat Reader DC form field format use after free November 5, 2020 CVE Number CVE-2020-24437 SUMMARY A specific JavaScript code embedded in a PDF file can trigger a use-after-free vulnerability when opening a PDF document in Adobe Acrobat Reader D...

7.8CVSS7.7AI score0.45125EPSS
Exploits0
Talos
Talos
added 2020/07/14 12:0 a.m.35 views

Intel IGC64.DLL Shader Functionality HeapReAlloc code execution vulnerability

Summary An exploitable double free vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted geometry shader can cause a double free vulnerability, leading to arbitrary code execution. An attacker can provide a specially crafted shader file to trigger...

9CVSS9AI score0.05532EPSS
Exploits0
Talos
Talos
added 2020/01/27 12:0 a.m.35 views

Accusoft ImageGear PNG pngread width code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to t...

9.8CVSS9AI score0.03687EPSS
Exploits1
Talos
Talos
added 2019/08/19 12:0 a.m.35 views

Nest Labs Openweave Weave ASN1Writer PutValue Code Execution Vulnerability

Summary An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to...

8.8CVSS8.7AI score0.01617EPSS
Exploits1
Talos
Talos
added 2019/01/02 12:0 a.m.36 views

Clean My Mac X disableLaunchdAgentAtPath privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...

7.1CVSS6AI score0.00309EPSS
Exploits0
Talos
Talos
added 2019/01/02 12:0 a.m.35 views

CleanMyMac X truncateFileAtPath Privilege Escalation Vulnerability

Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...

7.1CVSS6AI score0.00309EPSS
Exploits0
Talos
Talos
added 2018/04/12 12:0 a.m.35 views

NASA CFITSIO `ffgkyn` Stack Overflow Code Execution Vulnerability

Summary Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigg...

8.8CVSS8.9AI score0.02842EPSS
Exploits1
Talos
Talos
added 2018/04/10 12:0 a.m.35 views

Simple DirectMedia Layer SDL2_Image load_xcf_tile_rle Information Disclosure Vulnerability

Summary An exploitable information vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this...

6.5CVSS6.8AI score0.01824EPSS
Exploits1
Talos
Talos
added 2018/03/01 12:0 a.m.35 views

Simple DirectMedia Layer SDL2_image Image Palette Population Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

8.8CVSS8.8AI score0.02395EPSS
Exploits0
Talos
Talos
added 2018/01/11 12:0 a.m.35 views

Blender Sequencer imb_loadhdr Integer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .hdr file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

8.8CVSS7.9AI score0.01866EPSS
Exploits1
Talos
Talos
added 2018/01/09 12:0 a.m.35 views

CPP-Ethereum JSON-RPC miner_setGasPrice improper authorization Vulnerability

Summary An exploitable improper authorization vulnerability exists in minersetGasPrice API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...

8.1CVSS7.5AI score0.01658EPSS
Exploits2
Talos
Talos
added 2017/10/31 12:0 a.m.35 views

Circle with Disney Weak Authentication Vulnerability

Summary An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of...

9.8CVSS9AI score0.01516EPSS
Exploits2
Talos
Talos
added 2017/10/31 12:0 a.m.35 views

Circle with Disney Backup API Command Injection Vulnerability

Summary An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney Product URLs...

9.8CVSS9.3AI score0.01516EPSS
Exploits2
Talos
Talos
added 2017/04/18 12:0 a.m.35 views

Lexmark Perceptive Document Filters XLS ShapeHLink Information Disclosure Vulnerability

Summary An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 Tested...

4.3CVSS4AI score0.00908EPSS
Exploits2
Talos
Talos
added 2017/02/27 12:0 a.m.35 views

Iceni Argus TrueType Font File Cmap Table Code Execution Vulnerability

Summary An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than...

9.3CVSS8.1AI score0.0225EPSS
Exploits2
Talos
Talos
added 2016/08/06 12:0 a.m.35 views

Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0185 Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability August 6, 2016 CVE Number CVE-2016-5646 Description An exploitable heap overflow vulnerability exists in the Compound Binary File Format CBFF parser functionality of Lexmark Perceptive...

7.8CVSS0.1AI score0.0203EPSS
Exploits2
Talos
Talos
added 2016/07/19 12:0 a.m.35 views

Oracle OIT IX SDK libvs_pdf Xref Offset Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0102 Oracle OIT IX SDK libvspdf Xref Offset Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3580 Description A vulnerability in PDF parser of the IX SDK exists that results in out of bounds heap memory access following an unchecked memory...

9CVSS8.5AI score0.0393EPSS
Exploits1
Talos
Talos
added 2016/07/19 12:0 a.m.35 views

Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerabiity

Talos Vulnerability Report TALOS-2016-0100 Oracle OIT IX SDK libvspdf FlateDecode Colors Denial of Service Vulnerabiity July 19, 2016 CVE Number CVE-2016-3578 DESCRIPTION A null pointer dereference leading to process crash can occur while parsing a malformed PDF file. TESTED VERSIONS Oracle Outsi...

9CVSS0.4AI score0.0393EPSS
Exploits1
Talos
Talos
added 2016/02/08 12:0 a.m.35 views

Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0027 Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 DESCRIPTION An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who can...

10CVSS10.1AI score0.06841EPSS
Exploits1
Talos
Talos
added 2015/10/21 12:0 a.m.35 views

Network Time Protocol ntpq atoascii Memory Corruption Vulnerability

Talos Vulnerability Report TALOS-2015-0063 Network Time Protocol ntpq atoascii Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7852 Description A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffe...

5.9CVSS7.8AI score0.12282EPSS
Exploits0
Talos
Talos
added 2015/06/30 12:0 a.m.35 views

Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability

Talos Vulnerability Report TALOS-2015-0018 Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability June 30, 2015 CVE Number CVE-2015-3667 Description There is a remote code execution vulnerability in Apple Quicktime. An attacker who can control the data inside an stbl atom in a .mov...

6.8CVSS4.8AI score0.03635EPSS
Exploits0
Talos
Talos
added 2024/07/22 12:0 a.m.34 views

Ankitects Anki MPV script injection vulnerability

Talos Vulnerability Report TALOS-2024-1993 Ankitects Anki MPV script injection vulnerability July 22, 2024 CVE Number CVE-2024-26020 SUMMARY An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary...

9.6CVSS9.5AI score0.15067EPSS
Exploits1
Talos
Talos
added 2024/05/01 12:0 a.m.34 views

Tinyproxy HTTP request parsing uninitialized memory vulnerability

Talos Vulnerability Report TALOS-2023-1902 Tinyproxy HTTP request parsing uninitialized memory vulnerability May 1, 2024 CVE Number CVE-2023-40533 SUMMARY An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially craft...

2.6CVSS7.7AI score
Exploits0
Talos
Talos
added 2024/04/03 12:0 a.m.34 views

Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability

Talos Vulnerability Report TALOS-2024-1949 Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability April 3, 2024 CVE Number CVE-2024-27201 SUMMARY An improper input validation vulnerability exists in the OAS Engine User Configuration functionali...

4.9CVSS5.5AI score0.00662EPSS
Exploits1
Talos
Talos
added 2024/02/15 12:0 a.m.34 views

Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1901 Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability February 15, 2024 CVE Number CVE-2024-20731 SUMMARY A use-after-free vulnerability exists in the FileAttachment PDAnnot object processing in Adobe Acrobat Reader...

7.8CVSS8.3AI score0.02611EPSS
Exploits0
Talos
Talos
added 2023/11/27 12:0 a.m.34 views

Foxit Reader signature field OnBlur event use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1839 Foxit Reader signature field OnBlur event use-after-free vulnerability November 27, 2023 CVE Number CVE-2023-38573 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascrip...

8.8CVSS9.1AI score0.01907EPSS
Exploits1
Talos
Talos
added 2023/10/12 12:0 a.m.34 views

SoftEther VPN CiRpcAccepted() authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1754 SoftEther VPN CiRpcAccepted authentication bypass vulnerability October 12, 2023 CVE Number CVE-2023-27516 SUMMARY An authentication bypass vulnerability exists in the CiRpcAccepted functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially...

7.8CVSS7.5AI score0.0053EPSS
Exploits1
Talos
Talos
added 2023/07/13 12:0 a.m.34 views

Apple DCERPC call request uninitialized memory heap overflow vulnerability

Talos Vulnerability Report TALOS-2022-1677 Apple DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-27934 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in Apple macOS 12.6.1 that c...

8.8CVSS9.1AI score0.01785EPSS
Exploits0
Talos
Talos
added 2023/01/26 12:0 a.m.34 views

Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1607 Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-40969 SUMMARY An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020....

8.8CVSS8AI score0.05808EPSS
Exploits1
Talos
Talos
added 2022/12/22 12:0 a.m.34 views

OpenImageIO TGA Format Stack Buffer Overflow Vulnerability

Talos Vulnerability Report TALOS-2022-1628 OpenImageIO TGA Format Stack Buffer Overflow Vulnerability December 22, 2022 CVE Number CVE-2022-41981 SUMMARY A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can...

8.1CVSS8.6AI score0.0104EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.34 views

Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_serial_mac OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1566 Abode Systems, Inc. iota All-In-One Security Kit web interface utilsetserialmac OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-29472 SUMMARY An OS command injection vulnerability exists in the web interface utilsetserialmac...

10CVSS9.8AI score0.04433EPSS
Exploits1
Talos
Talos
added 2022/08/17 12:0 a.m.34 views

Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2022-1497 Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability August 17, 2022 CVE Number CVE-2022-35821 SUMMARY An out-of-bounds read vulnerability exists in the /proc/fdt mmap operation functionality of Microsoft Azure Sphere 22.02. A...

4.4CVSS5.1AI score0.01004EPSS
Exploits0
Talos
Talos
added 2022/08/16 12:0 a.m.34 views

HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1485 HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability August 16, 2022 CVE Number CVE-2022-25972 SUMMARY An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to...

7.8CVSS8.2AI score0.00589EPSS
Exploits1
Talos
Talos
added 2022/08/16 12:0 a.m.34 views

WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability

Talos Vulnerability Report TALOS-2022-1547 WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability August 16, 2022 CVE Number CVE-2022-30547 SUMMARY A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364...

9.9CVSS9.7AI score0.63666EPSS
Exploits1
Talos
Talos
added 2022/06/15 12:0 a.m.34 views

Anker Eufy Homebase 2 mips_collector appsrv_server use-after-free vulnerability

Talos Vulnerability Report TALOS-2022-1440 Anker Eufy Homebase 2 mipscollector appsrvserver use-after-free vulnerability June 15, 2022 CVE Number CVE-2022-21806 SUMMARY A use-after-free vulnerability exists in the mipscollector appsrvserver functionality of Anker Eufy Homebase 2 2.1.8.5h. A...

10CVSS9.6AI score0.02227EPSS
Exploits1
Talos
Talos
added 2022/05/17 12:0 a.m.34 views

NVIDIA nvwgf2umx_cfg.dll shader DCL_UNORDERED_ACCESS_VIEW_STRUCTURED memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLUNORDEREDACCESSVIEWSTRUCTURED functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable / shader file can lead to memory corruption. This vulnerability potentially could be triggered from gue...

8.5CVSS8.6AI score0.01492EPSS
Exploits0
Talos
Talos
added 2022/05/10 12:0 a.m.34 views

InHand Networks InRouter302 console factory stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. Tested...

9.1CVSS7.7AI score0.03105EPSS
Exploits1
Talos
Talos
added 2022/02/28 12:0 a.m.34 views

Lansweeper lansweeper HelpdeskSetupActions SQL injection vulnerability

Summary A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper...

9.1CVSS8.9AI score0.72601EPSS
Exploits1
Talos
Talos
added 2022/01/26 12:0 a.m.34 views

Reolink RLC-410W hardcoded TLS key information disclosure vulnerability

Summary An information disclosure vulnerability exists due to the hardcoded TLS key of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this...

7.5CVSS5.9AI score0.0089EPSS
Exploits0
Talos
Talos
added 2022/01/18 12:0 a.m.34 views

Advantech WISE-PaaS/OTA 3.0.9 Server installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of f Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...

9.3CVSS8.1AI score0.00872EPSS
Exploits1
Talos
Talos
added 2021/06/02 12:0 a.m.34 views

Webkit WebCore::GraphicsContext use-after-free vulnerability

Summary A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger...

8.8CVSS7.9AI score0.02913EPSS
Exploits1
Talos
Talos
added 2021/06/01 12:0 a.m.34 views

Accusoft ImageGear TIF IP_planar_raster_unpack improper array index validation vulnerability

Summary An improper array index validation vulnerability exists in the TIF IPplanarrasterunpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...

9.8CVSS9.5AI score0.01428EPSS
Exploits1
Talos
Talos
added 2021/03/16 12:0 a.m.34 views

Accusoft ImageGear PSD read_icc_icCurve_data heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the PSD readiccicCurvedata functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads to a heap buffer overflow. An attacker can provide a malicious file to trigger...

9.8CVSS9.5AI score0.01407EPSS
Exploits1
Total number of security vulnerabilities2224