CVE-2023-27390

Опубликовано: 05 июл. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1744
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1744
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1744

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:diagon_project:diagon:1.0.139:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00094

Низкий

7.8 High

CVSS3

Дефекты

CWE-122

CWE-787

Связанные уязвимости

GHSA-4p57-rrmc-hxh2

CVSS3: 8.4

github

больше 2 лет назад

A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.