CVE-2020-7872

Name of the Vulnerable Software and Affected Versions: DaviewIndy versions 8.98.7.0 and earlier

Description: The issue is triggered when a user opens a malformed format file that is mishandled by DaviewIndy, leading to an integer overflow. This could allow attackers to exploit the issue and achieve arbitrary code execution.

Recommendations: For DaviewIndy versions 8.98.7.0 and earlier, avoid opening malformed format files until a fix is available. As a temporary workaround, consider restricting the handling of format files by DaviewIndy to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.