CVE-2006-4024

Name of the Vulnerable Software and Affected Versions Festalon versions 0.5.0 through 0.5.5

Description The issue allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a negative LoadAddr value in a HES file. This value is used as an offset in a memcpy operation, leading to a buffer underflow.

Recommendations For Festalon versions 0.5.0 through 0.5.5, consider restricting the use of the FESTAHES Load function in pce/hes.c until a patch is available to prevent potential denial of service and code execution attacks. As a temporary workaround, avoid using negative LoadAddr values in HES files to minimize the risk of exploitation.