PT-2022-13861 · Delta Electronics · Cncsoft

Published: 2022-03-01 · Updated: 2022-09-07 · CVE-2022-1404

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Delta Electronics CNCSoft versions prior to 1.01.32

Description

The issue arises from improper input sanitization when processing a specific project file, leading to a possible out-of-bounds read condition. This can potentially result in information disclosure. There is also a mention of a stack-based buffer overflow that could allow for remote code execution.

Recommendations

For versions prior to 1.01.32, update to version 1.01.32 or later to resolve the issue. As a temporary workaround, consider restricting the processing of project files from untrusted sources to minimize the risk of exploitation. Avoid using the ScreenEditor DPB file parsing functionality until the issue is resolved.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2022-1404
ZDI-22-421
ZDI-22-422

Affected Products

Cncsoft