CVE-2019-5088

Name of the Vulnerable Software and Affected Versions Investintech Able2Extract Professional version 14.0.7

Description A memory corruption issue exists, allowing a potential attacker to execute arbitrary code on the victim machine by using a specially crafted BMP file. This can cause an out-of-bounds memory write. The vulnerability can be triggered by sending the user a specially crafted BMP file.

Recommendations For Investintech Able2Extract Professional version 14.0.7, avoid opening specially crafted BMP files until a patch is available. As a temporary workaround, consider restricting the use of the BMP file handling feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.