Lucene search

Veracode Vulnerability DatabaseVERACODE:41257

HistoryJul 13, 2023 - 9:16 a.m.

NULL Pointer Dereference

2023-07-1309:16:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

panoparserfindoline

parser.c

arbitrary codes

crafted file

application crash

software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.3%

JSON

libpano13.so is vulnerable to NULL Pointer Dereference. The vulnerability exists in the panoParserFindOLine function at parser.c which allows an attacker to execute arbitrary codes via a crafted file when can cause the application to crash.

References

github.com/advisories/GHSA-573q-g6cg-g6cq

groups.google.com/g/hugin-ptx/c/gLtz2vweD74

groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74

sourceforge.net/p/panotools/libpano13/ci/62aa7eed8fae5d8f247a2508a757f31000de386f/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.3%

JSON

Related for VERACODE:41257