PT-2009-2918 · Ohanem · Easyhdr Pro
Stefan Cornelius · Published 2009-01-22 · Updated 2018-10-11 · CVE-2009-0246
| CVSS v2.0 | 9.3 (High) |
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
easyHDR PRO version 1.60.2
Description
easyHDR PRO version 1.60.2 contains a stack-based buffer overflow that allows attackers to execute arbitrary code by means of an invalid Radiance RGBE file, also known as a .hdr file.
Recommendations
Until a patch is available, avoid using invalid Radiance RGBE files with easyHDR PRO version 1.60.2. As a temporary workaround, consider restricting the use of .hdr files to minimize the risk of exploitation.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Easyhdr Pro