PT-2023-21093 · Diagon · Diagon

Francesco Benvenuto · Published 2023-07-05 · Updated 2023-08-02 · CVE-2023-27390

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Diagon version 1.0.139
Description: A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality. The issue can be triggered by a specially crafted markdown file or network request and results in a heap buffer overflow that can potentially lead to arbitrary code execution. An attacker can trigger it by sending a malicious network request, or a victim can be affected by opening a malicious file.
Recommendations: For Diagon version 1.0.139, consider disabling the Sequence::DrawText functionality until a patch is available, to prevent potential exploitation. Restrict access to the handling of markdown files and network requests to minimize the risk of triggering the vulnerability.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2023-27390

Affected Products: Diagon