CVE-2015-7508

Name of the Vulnerable Software and Affected Versions: Libnsbmp version 0.1.2

Description: The issue is related to a heap-based buffer overflow in the bmp decode rle function in libnsbmp.c. This allows context-dependent attackers to cause a denial of service, potentially leading to an application crash, or possibly execute arbitrary code. The attack vector involves the last row of RLE data in a crafted BMP file.

Recommendations: For Libnsbmp version 0.1.2, consider disabling the bmp decode rle function until a patch is available to prevent potential exploitation. Restrict access to crafted BMP files to minimize the risk of denial of service or arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.