CVE-2019-10982

Name of the Vulnerable Software and Affected Versions Delta Electronics CNCSoft ScreenEditor versions 1.00.89 and prior

Description The issue is related to multiple heap-based buffer overflow vulnerabilities that can be exploited by processing specially crafted project files. This allows an attacker to remotely execute arbitrary code due to a lack of user input validation before copying data from project files onto the heap.

Recommendations For Delta Electronics CNCSoft ScreenEditor versions 1.00.89 and prior, consider disabling the project file processing feature until a patch is available to prevent remote code execution. Restrict access to the heap to minimize the risk of exploitation. Avoid using the software to process untrusted project files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.