PT-2024-39001 · Schneider Electric · Zelio Soft 2

Published: 2024-10-08 · Updated: 2024-10-17 · CVE-2024-8422

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zelio Soft 2 versions prior to 5.4.2.2
Description: A Use After Free vulnerability exists that could cause arbitrary code execution, denial of service, and loss of confidentiality and integrity when an application user opens a malicious Zelio Soft 2 project file. This issue affects the parsing of ZM2 files.
Recommendations: For versions prior to 5.4.2.2, upgrade to version 5.4.2.2 or later immediately to resolve the issue. As a temporary workaround, consider avoiding the use of ZM2 files from untrusted sources until the upgrade is applied. Restrict access to the Zelio Soft 2 application to minimize the risk of exploitation.

Fix

Use After Free

Weakness Enumeration

Related Identifiers: CVE-2024-8422, ZDI-24-1415

Affected Products: Zelio Soft 2