Heap-based buffer overflow in libMirage - CVE-2019-15540
Published: August 26, 2019 / Updated: February 9, 2022
Vulnerability identifier: #VU20400
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2019-15540
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: cdemu.sourceforge.io
Affected software:
libMirage
libMirage
Detailed vulnerability description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists in the "filters/filter-cso/filter-stream.c" in the CSO filter due to a boundary error when the software does not validate the part size. A local authenticated attacker can trigger heap-based buffer overflow, gain root access and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2019-15540
Install update from vendor's website.