Heewon Park

#8762of 53,635
31.2Total CVSS
Vulnerabilities · 4
High
4
PT-2024-20945
7.8
2024-02-09
Hugin · Hugin · CVE-2024-25442
**Name of the Vulnerable Software and Affected Versions** Hugin version 2022.0.0 **Description** An issue in the HuginBase::PanoramaMemento::loadPTScript function allows attackers to cause a heap buffer overflow via parsing a crafted image. **Recommendations** For Hugin version 2022.0.0, consider avoiding the use of the `loadPTScript` function in the `HuginBase::PanoramaMemento` class until a patch is available. As a temporary workaround, restrict the parsing of crafted images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-20946
7.8
2024-02-09
Hugin · Hugin · CVE-2024-25443
**Name of the Vulnerable Software and Affected Versions** Hugin version 2022.0.0 **Description** An issue in the HuginBase::ImageVariable<double>::linkWith function allows attackers to cause a heap-use-after-free via parsing a crafted image. **Recommendations** For Hugin version 2022.0.0, consider restricting the use of the `linkWith` function in the `HuginBase::ImageVariable<double>` class until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-20947
7.8
2024-02-09
Hugin · Hugin · CVE-2024-25445
**Name of the Vulnerable Software and Affected Versions** Hugin version 2022.0.0 **Description** The issue arises from improper handling of values in the `HuginBase::PTools::Transform::transform` function, leading to an assertion failure. **Recommendations** For Hugin version 2022.0.0, consider disabling the `transform` function in `HuginBase::PTools::Transform` as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-20948
7.8
2024-02-09
Hugin · Hugin · CVE-2024-25446
**Name of the Vulnerable Software and Affected Versions** Hugin version 2022.0.0 **Description** An issue in the HuginBase::PTools::setDestImage function allows attackers to cause a heap buffer overflow via parsing a crafted image. **Recommendations** For Hugin version 2022.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `setDestImage` function until a patch is available. Avoid parsing crafted images to minimize the risk of exploitation.