Skip to main content

Daviewindy CVE-2019-9138

HIGH
Integer Overflow or Wraparound (CWE-190)
2019-04-25 vuln@krcert.or.kr
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 25, 2019 - 18:29 nvd
HIGH 7.8

DescriptionNVD

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

AnalysisAI

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. Affected products include: Datools Daviewindy.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2020-7823 HIGH
7.8 Aug 04

DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandle

CVE-2020-7822 HIGH
7.8 Aug 04

DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishand

CVE-2020-7829 HIGH
7.8 Jul 30

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malform

CVE-2020-7828 HIGH
7.8 Jul 30

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malform

CVE-2020-7827 HIGH
7.8 Jul 30

DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed sp

CVE-2020-7818 HIGH
7.8 Jul 17

DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF fil

CVE-2019-9139 HIGH
7.8 Apr 25

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed

CVE-2019-9137 HIGH
7.8 Apr 25

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed

CVE-2019-9136 HIGH
7.8 Apr 25

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malform

CVE-2019-9135 HIGH
7.8 Apr 25

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malform

Share

CVE-2019-9138 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy