12 matches found
CVE-2018-3983
Summary: CVE-2018-3983 affects Atlantis Word Processor’s Word Document parser. An exploitable uninitialized pointer in the parsing pipeline can occur when handling the WordDocument structure (notably involving TTableRow/TField lists). A crafted .doc can cause an array fetch to return an uninitial...
CVE-2018-3984
CVE-2018-3984 affects Atlantis Word Processor 3.0.2.3 and 3.0.2.5. The Word Document parser has an uninitialized length (SprmTDefTable) for the number of table columns, which is later used as a loop bound. A crafted Word doc can trigger a heap-based buffer overflow, leading to code execution unde...
CVE-2018-4038
CVE-2018-4038 is a memory-corruption, arbitrary-write vulnerability in the Atlantis Word Processor open document format parser. Cisco Talos details show the issue stems from an insecure length handling in the NewAnsiString path within the parser’s buffer/heap management (text processing via LStrS...
CVE-2018-3978
CVE-2018-3978 is a vulnerability in Atlantis Word Processor’s Word Document parser (CLX/Clx handling in the Fib-based WordDocument table). A specially crafted Word binary (DOC) document can trigger a heap-based buffer overflow by mis-processing the Clx/Pcdt piece-descriptor table: the Clx.lcb con...
CVE-2018-3975
Cisco Talos reports CVE-2018-3975 as an Atlants Word Processor 3.2.6 RTF-parsing vulnerability. The flaw is an exploitable uninitialized OLE document pointer (offset -0x8e0) used when parsing RTF tokens; if an attacker can control the stack, they can trigger an out-of-bounds write that can lead t...
CVE-2018-3982
CVE-2018-3982 is an exploitable arbitrary write vulnerability in the Atlantis Word Processor (Word Document parser). Cisco Talos reports that Atlantis Word Processor 3.0.2.3 and 3.0.2.5 can be induced to skip adding elements to a loop-indexed array, causing an out-of-bounds read of a pointer and,...
CVE-2018-3999
Atlanti s Word Processor CVE-2018-3999 affects the JPEG parser in Atlantis Word Processor 3.2.5.0. A specially crafted embedded JPEG image can cause a length underflow, treated as unsigned, leading to a heap-based buffer overflow during decoding of JPEG markers (APPx handling) and subsequent copy...
CVE-2018-4040
The CVE-2018-4040 issue affects Atlantis Word Processor versions 3.2.7.1 and 3.2.7.2, with a root cause described as an uninitialized pointer in the Rich Text Format (RTF) parser leading to heap corruption and potential code execution when a victim opens a crafted document. Cisco Talos’ advisory ...
CVE-2018-3998
CVE-2018-3998 (Atlantis Word Processor) describes a heap-based buffer overflow in the Windows Enhanced Metafile parser for Atlantis Word Processor v3.2.5.0. A crafted image embedded in a document can cause an undersized allocation, leading to heap corruption when data is copied. The vulnerability...
CVE-2018-4001
CVE-2018-4001 affects Atlantis Word Processor 3.2.5.0. The vulnerability is an uninitialized pointer in the Office Open XML parser that handles table rows (TTableRow). A crafted document can cause an uninitialized pointer to be assigned to a stack variable, which is later dereferenced and written...
CVE-2018-4039
CVE-2018-4039 is a concrete vulnerability in Atlantis Word Processor 3.2.7.2 where the PNG image handling allows an out-of-bounds write during PNG decoding (inflate_table writes beyond a 64-byte buffer if code lengths exceed 15). This memory corruption can lead to code execution in the applicatio...
CVE-2018-4000
Atlantis Word Processor (version 3.2.5.0) contains a double-free vulnerability in its Office Open XML parser. A specially crafted document can cause a TTableRow object to be referenced twice, leading to a double-free when both references are freed. The TALOS/YR details indicate an exploitable pat...