Buffer Underwrite ('Buffer Underflow')
CVE-2022-33896
Summary
A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
CWE-124 - Buffer Underwrite ('Buffer Underflow')
The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
References
Advisory Timeline
- Published