CVE Vulnerabilities

CVE-2022-23400

Off-by-one Error

Published: May 03, 2022 | Modified: Nov 21, 2024
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

Weakness

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Affected Software

Name Vendor Start Version End Version
Imagegear Accusoft 19.10 (including) 19.10 (including)

Potential Mitigations

References