A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A…
talos·CWE-193·Published 2022-05-03
A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
Se presenta una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en la funcionalidad IGXMPXMLParser::parseDelimiter de Accusoft ImageGear versión 19.10. Un archivo PSD especialmente diseñado puede desbordar un búfer de pila, lo que podría conllevar a una denegación de servicio o, dependiendo de la aplicación, un filtrado de información. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:N/A:P |
| 3.0 | Primary | cve.org | 7.1 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
| 3.0 | Primary | cve.org | 7.1 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
| 3.0 | Secondary | NVD | 7.1 | 2.8 | 4.2 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
| 3.1 | Primary | NVD | 7.1 | 1.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |