Jose Luis Zayas Banderas

Researcher fromTrend Micro’s Zero Day Initiative
#10305of 53,633
26.9Total CVSS
Vulnerabilities · 3
High
3
PT-2018-10001
8.8
2018-09-26
Levistudio · Levistudiou · CVE-2018-10610
**Name of the Vulnerable Software and Affected Versions** LeviStudioU versions 1.8.29 through 1.8.44 **Description** The issue is related to an out-of-bounds vulnerability that can be exploited when the application processes specially crafted project files, potentially leading to remote code execution. This is specifically tied to the TIFF parsing functionality within the cximageu component of LeviStudioU. **Recommendations** For versions 1.8.29 through 1.8.44, as a temporary workaround, consider restricting the processing of project files from untrusted sources until a patch is available. Avoid using the TIFF parsing functionality within the cximageu component until the issue is resolved.
PT-2018-10004
8.8
2018-09-26
Levi · Levistudiou · CVE-2018-10614
**Name of the Vulnerable Software and Affected Versions** LeviStudioU versions 1.8.29 through 1.8.44 **Description** The issue is related to an XML External Entity (XXE) vulnerability that can be exploited when the application processes specially crafted project XML files, potentially leading to information disclosure. **Recommendations** For versions 1.8.29 through 1.8.44, consider restricting the processing of external XML entities in the xmlparser LoadXMLFile function as a temporary workaround until a patch is available. Avoid using the XML External Entity processing feature in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-9993
9.3
2018-07-26
Wecon · Levistudiou · CVE-2018-10602
Name of the Vulnerable Software and Affected Versions: WECON LeviStudio versions 1.8.29 through 1.8.44 Description: The issue is related to multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This can lead to remote code execution. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.