CVE-2018-3887

Status: Analyzed
Last modified: 02-02-2023
Published: 11-04-2018
7.8

SUMMARY CVE-2018-3887

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.

Access CVSS3 CVE-2018-3887

Attack Complexity Attack Vector Privileges Required Scope User Interaction
LOW LOCAL NONE UNCHANGED REQUIRED

Impact CVSS3 CVE-2018-3887

Confidentiality Integrity Availability
HIGH HIGH HIGH

Details CVE-2018-3887

EPSS 0.00099
EPSS % 0.42037
References
CWE CWE-787
Vulnerable Configurations
  • cpe:2.3:a:pl32:photoline:20.53:*:*:*:*:*:*:*
    cpe:2.3:a:pl32:photoline:20.53:*:*:*:*:*:*:*
CVSS3 Source nvd@nist.gov
CVSS3 Type Primary
CVSS3 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

ATOM RSS Feed Link for CVE Vulnerabilities

CVE Data Propulsed by AKAOMA CyberSecurity