CVE-2023-39125
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 18, 2023
Updated: Aug 24, 2023
CWE ID 190
CWE ID 787
Summary
CVE-2023-39125 is a vulnerability affecting NTSC-CRT 2.2.1 software. It involves an integer overflow and out-of-bounds write issue in the "loadBMP" function of "bmp_rw.c". The root cause is the failure to validate the file's width, height, and BPP (bits per pixel) before processing. This could potentially allow malicious users to execute arbitrary code or cause the application to crash. Despite the vendor's assertion that the main application was not intended to be well-tested, such vulnerabilities pose significant risks and should be addressed promptly.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share