CVE-2023-32614 - OpenCVE

A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Accusoft	Imagegear

Configuration 1 [-]

cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1749

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2023-09-25T15:22:34.963Z

Updated: 2024-08-02T15:25:35.668Z

Reserved: 2023-05-12T10:07:30.916Z

Link: CVE-2023-32614

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-25T16:15:13.800

Modified: 2023-09-26T14:44:23.657

Link: CVE-2023-32614

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en la funcionalidad create_png_object de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar da\u00f1os en la memoria. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-32614", "lastModified": "2023-09-26T14:44:23.657", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2023-09-25T16:15:13.800", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1749"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-124"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}