PT-2014-4007 · Embarcadero · Embarcadero Delphi Xe6+1
Published
2014-10-06
·
Updated
2014-10-07
·
CVE-2014-0994
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Embarcadero Delphi XE6 version 20.0.15596.9843
C++ Builder XE6 version 20.0.15596.9843
Description
A heap-based buffer overflow issue exists in the ReadDIB function within the Vcl.Graphics.TPicture.Bitmap implementation of the Visual Component Library (VCL). This allows attackers to execute arbitrary code via the
BITMAPINFOHEADER.biClrUsed field in a BMP file.Recommendations
For Embarcadero Delphi XE6 version 20.0.15596.9843, consider disabling the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation until a patch is available.
For C++ Builder XE6 version 20.0.15596.9843, consider disabling the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
C++ Builder Xe6
Embarcadero Delphi Xe6