CVE-2014-0994

2014-10-0614:55:09

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-0994

embarcadero delphi

c++ builder

vcl

buffer overflow

arbitrary code execution

bmp file

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.117 Low

EPSS

Percentile

95.3%

JSON

Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent attackers to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0993.

Affected configurations

NVD

Node

embarcaderoembarcadero_c\+\+builder_xe6Match20.0.15596.9843

embarcaderoembarcadero_delphi_xe6Match20.0.15596.9843

CPENameOperatorVersion
embarcadero:embarcadero_c\+\+builder_xe6embarcadero embarcadero c++builder xe6eq20.0.15596.9843
embarcadero:embarcadero_delphi_xe6embarcadero embarcadero delphi xe6eq20.0.15596.9843

CPE	Name	Operator	Version
embarcadero:embarcadero_c\+\+builder_xe6	embarcadero embarcadero c++builder xe6	eq	20.0.15596.9843
embarcadero:embarcadero_delphi_xe6	embarcadero embarcadero delphi xe6	eq	20.0.15596.9843