SB2022031112 - Multiple vulnerabilities in Ecava IntegraXor

Main Vulnerability Database SB2022031112

SB2022031112 - Multiple vulnerabilities in Ecava IntegraXor

Published: March 11, 2022

Security Bulletin ID SB2022031112

Severity

High

Patch available

NO

Number of vulnerabilities 8

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the parsing of EMF files within the Inkscape component. A remote attacker can create a specially crafted EMF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

2) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the parsing of PCX files within the Inkscape component. A remote attacker can create a specially crafted PCX file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

3) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary conditio within the parsing of EMF files within the Inkscape component. A remote attacker can create a specially crafted EMF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

4) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the parsing of EMF files within the Inkscape component. A remote attacker can create a specially crafted EMF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

5) Access of Uninitialized Pointer (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper initialization of a pointer prior to accessing it within the parsing of EMF files within the Inkscape component. A remote attacker can trick a victim to open a specially crafted EMF file and gain unauthorized access to sensitive information on the system.

6) Access of Uninitialized Pointer (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper initialization of a pointer prior to accessing it within the parsing of EMF files within the Inkscape component. A remote attacker can trick a victim to open a specially crafted EMF file and gain unauthorized access to sensitive information on the system.

7) Buffer overflow (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the parsing of WMF files within the Inkscape component. A remote attacker can create a specially crafted WMF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

8) Out-of-bounds write (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when parsing the EMF files within the Inkscape component. A remote attacker can create a specially crafted EMF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References