PT-2012-4361 · Lattice Semiconductor · Pac-Designer
Published
2012-05-21
·
Updated
2017-08-29
·
CVE-2012-2915
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Lattice Semiconductor PAC-Designer version 6.2.1344
Description
A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long string in a
Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) files.Recommendations
For version 6.2.1344, consider avoiding the use of long strings in the
Value tag until a patch is available. As a temporary workaround, restrict the processing of PAC Design files from untrusted sources to minimize the risk of exploitation.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pac-Designer