Lucene search

MitreCVE-2019-6114

HistoryJun 19, 2019 - 4:15 p.m.

CVE-2019-6114

2019-06-1916:15:11

CWE-190

mitre

web.nvd.nist.gov

cve-2019-6114

corel paintshop pro

integer overflow

code execution

jp2 parsing library

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code.

Affected configurations

Nvd

Node

corelpaintshop_pro_2019Match21.0.0.119

VendorProductVersionCPE
corelpaintshop_pro_201921.0.0.119cpe:2.3:a:corel:paintshop_pro_2019:21.0.0.119:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
corel	paintshop_pro_2019	21.0.0.119	cpe:2.3:a:corel:paintshop_pro_2019:21.0.0.119:::::::*

References

github.com/ereisr00/bagofbugz/tree/master/CorelPaintShop2019

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Related for CVE-2019-6114