ispVM System '.xcf' File Multiple Buffer Overflow Vulnerabilities
BID:53562
Info
ispVM System '.xcf' File Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 53562 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2012 12:00AM |
| Updated: | May 29 2012 12:40PM |
| Credit: | Anonymous via Secunia |
| Vulnerable: |
Lattice Semiconductor ispVM System 18.0.2 |
| Not Vulnerable: | |
Discussion
ispVM System '.xcf' File Multiple Buffer Overflow Vulnerabilities
ispVM System is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
ispVM System 18.0.2 is vulnerable; other versions may also be affected.
ispVM System is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
ispVM System 18.0.2 is vulnerable; other versions may also be affected.
Exploit / POC
ispVM System '.xcf' File Multiple Buffer Overflow Vulnerabilities
The following exploit is available:
The following exploit is available:
Solution / Fix
ispVM System '.xcf' File Multiple Buffer Overflow Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
ispVM System '.xcf' File Multiple Buffer Overflow Vulnerabilities
References:
References:
- ispVM System Product Page (Lattice Semiconductor Corporation)