Main Vulnerability Database Vulnerabilities #VU76754

Access of Uninitialized Pointer in FvDesigner - CVE-2023-34272

Published: June 1, 2023

Vulnerability identifier: #VU76754

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-34272

CWE-ID: CWE-824

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FvDesigner

Software vendor:
Fatek

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to uninitialized pointer access within the parsing of FPJ files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software and execute arbitrary code on the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.zerodayinitiative.com/advisories/ZDI-23-770/

Access of Uninitialized Pointer in FvDesigner - CVE-2023-34272

Description

Remediation

External links

Please verify you're human