PT-2023-26793 · Ntsc-Crt · Ntsc-Crt

Jiravvit · Published 2023-08-17 · Updated 2023-08-24 · CVE-2023-39125

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

NTSC-CRT version 2.2.1

Description

The issue is an integer overflow and out-of-bounds write in the loadBMP function in bmp_rw.c. It occurs because the file's width, height, and BPP are not validated. The vendor notes that the main application was not intended to be a well-tested program, but rather a demonstration of how it works and how to integrate it into other programs.

Recommendations

For NTSC-CRT version 2.2.1, consider validating the file's width, height, and BPP to prevent the integer overflow and out-of-bounds write. As a temporary workaround, consider restricting the use of the loadBMP function in bmp_rw.c until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
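The header validation recommended above could look like the following C sketch, which is an added example and not NTSC-CRT's code. The function names, the `MAX_DIM` limit and the accepted BPP values are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed upper bound per dimension; choose one that fits the application. */
#define MAX_DIM 16384

/* Unchecked 32-bit arithmetic: the product wraps silently, so the
 * allocation ends up far smaller than the pixel data written into it. */
uint32_t naive_size32(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * (bpp / 8);
}

/* Validate header fields before allocating. Returns 0 and stores the
 * decoded pixel-buffer size in *out, or -1 if the file must be rejected. */
int checked_pixel_bytes(int32_t w, int32_t h, uint16_t bpp, size_t *out)
{
    uint64_t rows;

    if (bpp != 24 && bpp != 32)      /* assumed set of supported depths */
        return -1;
    if (w <= 0 || w > MAX_DIM)
        return -1;
    /* A negative height marks a top-down BMP; widen before negating so
     * INT32_MIN cannot overflow. */
    rows = h < 0 ? (uint64_t)(-(int64_t)h) : (uint64_t)h;
    if (rows == 0 || rows > MAX_DIM)
        return -1;
    /* Operands are bounded, so the product is at most 2^30 and fits size_t. */
    *out = (size_t)((uint64_t)w * rows * (bpp / 8u));
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values, not taken from a real file. */
    printf("naive 65536x16384x32: %u bytes\n",
           (unsigned)naive_size32(65536, 16384, 32));
    printf("checked 65536x16384x32: %d\n",
           checked_pixel_bytes(65536, 16384, 32, &n));
    if (checked_pixel_bytes(640, 480, 24, &n) == 0)
        printf("checked 640x480x24: %zu bytes\n", n);
    return 0;
}
```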

Exploit

Fix

Integer Overflow

Memory Corruption


Weakness Enumeration

Related identifiers

CVE-2023-39125

Affected products

Ntsc-Crt