CVE-2022-26302

Name of the Vulnerable Software and Affected Versions V-SFT versions prior to v6.1.6.0

Description A heap-based buffer overflow exists in the simulator module of the graphic editor V-SFT, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. This issue is related to the graphic editor's ability to handle image files, potentially allowing unauthorized access to protected information or the execution of arbitrary code.

Recommendations For versions prior to v6.1.6.0, update to version v6.1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the simulator module in V-SFT until a patch is applied. Avoid opening specially crafted image files with the affected software to minimize the risk of exploitation.