CVE-2023-27566

Name of the Vulnerable Software and Affected Versions Live2D Cubism Editor version 4.2.03

Description The issue allows for an out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file. This can be exploited in Cubism Core within the Live2D Cubism Editor.

Recommendations For version 4.2.03, consider restricting the processing of MOC3 files until a patch is available. As a temporary workaround, avoid using crafted Section Offset Tables or Count Info Tables in MOC3 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.