5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.5%
HT is a hex editor, designed to help analyse and modify executable files.
Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has been discovered in the PE parser.
Successful exploitation would require the victim to open a specially crafted file using HT, potentially permitting an attacker to execute arbitrary code.
There is no known workaround at this time.
All hteditor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | app-editors/hteditor | < 0.8.0-r2 | UNKNOWN |