PT-2023-26793 · Ntsc-Crt · Ntsc-Crt

Jiravvit · Published 2023-08-17 · Updated 2023-08-24 · CVE-2023-39125

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

NTSC-CRT version 2.2.1

Description

The issue is related to an integer overflow and out-of-bounds write in the loadBMP function in bmp_rw.c. This occurs because the file's width, height, and BPP are not validated. The vendor notes that the main application was not intended to be a well-tested program, but rather a demonstration of how it works and how to integrate it into other programs.

Recommendations

For NTSC-CRT version 2.2.1, consider validating the file's width, height, and BPP to prevent the integer overflow and out-of-bounds write. As a temporary workaround, consider restricting the use of the loadBMP function in bmp_rw.c until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
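One way to perform the width, height, and BPP validation recommended above, as an added example that is not NTSC-CRT's code or a vendor patch. The helper name `bmp_check_dims`, the `BMP_MAX_DIM` limit, the accepted BPP values, and the 32-bit-per-pixel output buffer are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit for this example, not a value from NTSC-CRT. */
#define BMP_MAX_DIM 16384

/*
 * Hypothetical helper: validate width, height and BPP read from an untrusted
 * BMP header before any allocation or copy. On success returns 0 and sets
 * *stride (padded source row size) and *out_bytes (32-bit-per-pixel buffer).
 */
int bmp_check_dims(int32_t width, int32_t height, uint16_t bpp,
                   size_t data_bytes, size_t *stride, size_t *out_bytes)
{
    int64_t h = height;            /* widen first: -INT32_MIN overflows int32_t */
    uint64_t w, row, src, dst;

    if (bpp != 24 && bpp != 32)    /* accept only formats the decoder handles */
        return -1;
    if (h < 0)                     /* negative height means top-down rows */
        h = -h;
    if (width <= 0 || width > BMP_MAX_DIM || h == 0 || h > BMP_MAX_DIM)
        return -1;

    /* With both dimensions capped, these 64-bit products cannot wrap. */
    w = (uint64_t)width;
    row = ((w * bpp + 31) / 32) * 4;          /* BMP rows are 4-byte aligned */
    src = row * (uint64_t)h;
    dst = w * (uint64_t)h * sizeof(uint32_t);

    if (src > data_bytes || dst > SIZE_MAX)   /* truncated file or no room */
        return -1;
    *stride = (size_t)row;
    *out_bytes = (size_t)dst;
    return 0;
}

int main(void)
{
    size_t stride, bytes;
    /* Constructed header values: one sane image, one that wraps 32-bit math. */
    int ok = bmp_check_dims(640, 480, 24, 1u << 20, &stride, &bytes);
    int bad = bmp_check_dims(0x40000001, 4, 32, 1u << 20, &stride, &bytes);
    printf("sane=%d stride=%zu bytes=%zu hostile=%d\n", ok, stride, bytes, bad);
    return 0;
}
```

The caller allocates and copies only after this returns 0, using the returned sizes rather than recomputing them from the raw header fields.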

Exploit

Fix

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2023-39125

Affected Products

Ntsc-Crt