Name of the Vulnerable Software and Affected Versions 1С:Предприятие (affected versions not specified)

Description The issue concerns a vulnerability in the Fast Infoset decoder of the xml2.dll library, which is used for working with XML documents. An attacker can manipulate input data to put the Fast Infoset decoder into a CII UTF8 LARGE LENGTH state, which involves processing a comment information unit. Once in this state, the decoder attempts to read a sequence of characters from the input stream. The attacker can specify a sufficiently large negative number as the length of this sequence, causing a heap buffer overflow in the decodeUtf8StringAsCharBuffer procedure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.