Описание
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
Ссылки
EPSS
Процентиль: 87%
0.03472
Низкий
Дефекты
CWE-121
Связанные уязвимости
github
6 месяцев назад
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
EPSS
Процентиль: 87%
0.03472
Низкий
Дефекты
CWE-121