PT-2018-17688 · Design Science · Mathtype

Published

2018-02-28

Updated

2021-05-27

CVE-2018-6638

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Design Science MathType version 6.9c

Description A stack-based buffer overflow issue was discovered, allowing for remote code execution. This occurs due to a function call with a corrupted offset value as the first argument and a stack buffer as the second argument.

Recommendations For version 6.9c, update to version 6.9d to resolve the issue.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2018-6638

Affected Products

Mathtype

PT-2018-17688 · Design Science · Mathtype

CVE-2018-6638

Weakness Enumeration

Related Identifiers

Affected Products

References · 4