9.8

CVE-2018-7553

Exploit
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sam2p ProjectSam2p Version0.49.4
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.5% 0.828
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2018/04/msg00004.html
Third Party Advisory
Mailing List
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891527
Third Party Advisory
Issue Tracking
https://github.com/pts/sam2p/issues/32
Third Party Advisory
Exploit