exploitDog

GHSA-q55h-q4fq-4wj2

Опубликовано: 12 окт. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory.

Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory.

Ссылки

EPSS

Процентиль: 82%

0.01765

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-119

Связанные уязвимости

CVE-2022-41186

CVSS3: 7.8

nvd

больше 3 лет назад

Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory.

EPSS

Процентиль: 82%

0.01765

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-119