Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2014-0994

Published: 06/10/2014 Updated: 07/10/2014
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Embarcadero C\+\+builder Xe6

Vulnerability Summary

Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent malicious users to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0993.

Vulnerable Product Search on Vulmon Subscribe to Product

embarcadero embarcadero c\\+\\+builder xe6 20.0.15596.9843

embarcadero embarcadero delphi xe6 20.0.15596.9843

Github Repositories

https://github.com/SecureAuthCorp/Embarcadero-Workaround

This is a workaround for CVE-2014-0993 and CVE-2014-0994 that patches on memory without the need to recompile your vulnerable software. This is not the Embarcadero official fix, this is only CORE Security workaround.

##What is Embarcadero Workaround ? This is an unofficial "patch" for "Embarcadero VCL Library Stack/Heap Overflow" (CVE-2014-0993 and CVE-2014-0994) ##Which Software versions does this workaround support? 32-bit software compiled with Delphi and C++ Builder where the "VCL library" was included, as long as the library is statically linked into the

https://github.com/helpsystems/Embarcadero-Workaround

This is a workaround for CVE-2014-0993 and CVE-2014-0994 that patches on memory without the need to recompile your vulnerable software. This is not the Embarcadero official fix, this is only CORE Security workaround.

##What is Embarcadero Workaround ? This is an unofficial "patch" for "Embarcadero VCL Library Stack/Heap Overflow" (CVE-2014-0993 and CVE-2014-0994) ##Which Software versions does this workaround support? 32-bit software compiled with Delphi and C++ Builder where the "VCL library" was included, as long as the library is statically linked into the

References

CWE-119http://seclists.org/fulldisclosure/2014/Sep/57http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-heap-buffer-overflowhttp://support.embarcadero.com/article/44015https://nvd.nist.govhttps://github.com/SecureAuthCorp/Embarcadero-Workaround
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook