PT-2023-7352 · Ashlar Vellum · Ashlar-Vellum Graphite

Michael Heinzl · Published 2023-10-26 · Updated 2023-11-06 · CVE-2023-39936

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Graphite version 13.0.48

Description: The issue is related to a lack of proper validation of user-supplied data when parsing VC6 files, which could lead to an out-of-bounds read. This may allow an attacker to execute arbitrary code in the context of the current process by leveraging the vulnerability through specially crafted VC6 files.

Recommendations: For Ashlar-Vellum Graphite version 13.0.48, consider disabling the parsing of VC6 files until a patch is available to prevent potential exploitation. Restrict access to the feature that handles VC6 files to minimize the risk of arbitrary code execution. Avoid using the affected application to parse VC6 files from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

BDU:2023-08383
CVE-2023-39936

Affected Products

Ashlar-Vellum Graphite