CVE-2014-0994

Name of the Vulnerable Software and Affected Versions Embarcadero Delphi XE6 version 20.0.15596.9843 C++ Builder XE6 version 20.0.15596.9843

Description A heap-based buffer overflow issue exists in the ReadDIB function within the Vcl.Graphics.TPicture.Bitmap implementation of the Visual Component Library (VCL). This allows attackers to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file.

Recommendations For Embarcadero Delphi XE6 version 20.0.15596.9843, consider disabling the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation until a patch is available. For C++ Builder XE6 version 20.0.15596.9843, consider disabling the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.