Skip to main content

Buffer Underwrite ('Buffer Underflow')

CVE-2022-33896

Severity High
Score 7.8/10

Summary

A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-124 - Buffer Underwrite ('Buffer Underflow')

The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

References

Advisory Timeline

  • Published