#VU20400 Heap-based buffer overflow in libMirage - CVE-2019-15540
Published: August 26, 2019 / Updated: February 9, 2022
Vulnerability identifier: #VU20400
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2019-15540
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
libMirage
libMirage
Software vendor:
cdemu.sourceforge.io
cdemu.sourceforge.io
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists in the "filters/filter-cso/filter-stream.c" in the CSO filter due to a boundary error when the software does not validate the part size. A local authenticated attacker can trigger heap-based buffer overflow, gain root access and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.