PT-2019-13786 · Adplug Team · Adplug

Alexander Miller

Published

2019-08-06

Updated

2021-02-22

CVE-2019-14692

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AdPlug version 2.3.1

Description The issue is a heap-based buffer overflow in the load() function of the CmkjPlayer class, located in the mkj.cpp file.

Recommendations For AdPlug version 2.3.1, consider avoiding the use of the load() function in the CmkjPlayer class until a patch is available. As a temporary workaround, restricting access to the mkj.cpp file or the CmkjPlayer class may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-14692

OPENSUSE-SU-2024:12762-1

Affected Products

Adplug

PT-2019-13786 · Adplug Team · Adplug

CVE-2019-14692

Weakness Enumeration

Related Identifiers

Affected Products

References · 10