Buffer Underwrite ('Buffer Underflow')

CVE-2023-32614

High

7/10

Summary

A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-124 - Buffer Underwrite ('Buffer Underflow')

The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

References

Advisory Timeline

Published Sep 25, 2023

Buffer Underwrite ('Buffer Underflow')

CVE-2023-32614

Summary

CWE-124 - Buffer Underwrite ('Buffer Underflow')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS