PT-2015-5950 · Ghisler · Total Commander

Marcin Noga · Published 2015-07-21 · Updated 2017-09-21 · CVE-2015-2869

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Ghisler Total Commander versions prior to 2.22 with the FileInfo plugin

Description

The issue allows remote attackers to cause a denial of service: an out-of-bounds read followed by an application crash. This can be achieved through several methods, including:
  • a large Size value in the Archive Member Header of a COFF Archive Library file,
  • a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file,
  • a large Resource Table Count value in the LE Header of a Linear Executable file,
  • a large value in a certain Object field in a Resource Table Entry in a Linear Executable file.

Recommendations

For Ghisler Total Commander with the FileInfo plugin version prior to 2.22, update the FileInfo plugin to version 2.22 or later to resolve the issue.
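
The first two items in the description come down to trusting a length field over the bytes actually present in the file. The following added example (not FileInfo's code; all function and constant names are this example's own) shows the bounds checks a parser needs for the Size field of an Archive Member Header and the Number Of Symbols field of the 1st Linker Member. It covers only the COFF Archive Library cases, not the Linear Executable ones, and `make_sample` builds a constructed test input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are this example's own, not from any library). */
enum { AR_OK = 0, AR_BAD_SIG, AR_BAD_HEADER, AR_SIZE_OOB, AR_SYMCOUNT_OOB };

/* Parse the 10-byte ASCII decimal Size field: digits, then space padding only. */
static int parse_size(const uint8_t *f, uint64_t *out) {
    uint64_t v = 0; int i = 0;
    for (; i < 10 && f[i] >= '0' && f[i] <= '9'; i++) v = v * 10 + (uint64_t)(f[i] - '0');
    if (i == 0) return -1;
    for (; i < 10; i++) if (f[i] != ' ') return -1;
    *out = v; return 0;
}

/* Walk every member header and reject lengths that exceed the data present. */
int check_coff_archive(const uint8_t *buf, size_t len) {
    if (len < 8 || memcmp(buf, "!<arch>\n", 8) != 0) return AR_BAD_SIG;
    size_t off = 8; int member = 0;
    while (off < len) {
        if (len - off < 60) return AR_BAD_HEADER;   /* header is 60 bytes */
        const uint8_t *h = buf + off;               /* Size at 48..57, end at 58..59 */
        uint64_t size;
        if (h[58] != '`' || h[59] != '\n' || parse_size(h + 48, &size)) return AR_BAD_HEADER;
        off += 60;
        if (size > len - off) return AR_SIZE_OOB;   /* Size vs. bytes really left */
        if (member == 0 && memcmp(h, "/ ", 2) == 0) {   /* 1st Linker Member */
            if (size < 4) return AR_SYMCOUNT_OOB;
            uint64_t n = ((uint64_t)buf[off] << 24) | ((uint64_t)buf[off + 1] << 16) |
                         ((uint64_t)buf[off + 2] << 8) | (uint64_t)buf[off + 3];
            if (n > (size - 4) / 4) return AR_SYMCOUNT_OOB; /* big-endian count vs. 4-byte offsets */
        }
        off += (size_t)size + (size_t)(size & 1);   /* members are 2-byte aligned */
        member++;
    }
    return AR_OK;
}

/* Constructed sample: signature, one "/" member header, 8 body bytes. out needs >= 77 bytes. */
size_t make_sample(uint8_t *out, const char *size_field, uint8_t nsyms) {
    int n = sprintf((char *)out, "!<arch>\n%-16s%-12s%-6s%-6s%-8s%-10s`\n",
                    "/", "0", "0", "0", "0", size_field);
    uint8_t body[8] = {0, 0, 0, nsyms, 0, 0, 0, 0};
    memcpy(out + n, body, sizeof body);
    return (size_t)n + sizeof body;
}
```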

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2015-2869

Affected Products

Total Commander