Details of VAR-202203-2071

ID

VAR-202203-2071

TITLE

(0Day) Ecava IntegraXor Inkscape PCX File Parsing Out-Of-Bound Read Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-22-485

DESCRIPTION

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PCX files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Trust: 0.7

sources: ZDI: ZDI-22-485

AFFECTED PRODUCTS

vendor:

ecava

model:

integraxor

scope:

version:

Trust: 0.7

sources: ZDI: ZDI-22-485

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-22-485
value:	LOW
Trust: 0.7

ZDI:	ZDI-22-485
baseSeverity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-485

EXTERNAL IDS

db:	ZDI_CAN	id:	ZDI-CAN-14275	Trust: 0.7
db:	ZDI	id:	ZDI-22-485	Trust: 0.7

sources: ZDI: ZDI-22-485

CREDITS

Tran Van Khang - khangkito (VinCSS)

Trust: 0.7

sources: ZDI: ZDI-22-485

SOURCES

db:

ZDI

id:

ZDI-22-485

LAST UPDATE DATE

2022-05-17T01:34:46.771000+00:00

SOURCES UPDATE DATE

db:

ZDI

id:

ZDI-22-485

date:

2022-03-29T00:00:00

SOURCES RELEASE DATE

db:

ZDI

id:

ZDI-22-485

date:

2022-03-09T00:00:00