Heap-based Buffer Overflow in Embarcadero Delphi XE6 and C++ Builder XE6
CVE-2014-0994

Currently unrated

Key Information:

Vendor: Embarcadero
Status: Embarcadero Delphi Xe6; Embarcadero C\+\+builder Xe6
Vendor: CVE Published:; 6 October 2014

🔔 Create Embarcadero Vulnerability Alert

What is CVE-2014-0994?

A heap-based buffer overflow vulnerability exists in the ReadDIB function of the Vcl.Graphics.TPicture.Bitmap implementation within Embarcadero Delphi XE6 and C++ Builder XE6. This issue can be exploited by context-dependent attackers to execute arbitrary code by manipulating the BITMAPINFOHEADER.biClrUsed field in a specially crafted BMP file. The vulnerability stems from an incomplete fix for a previous vulnerability, underscoring the importance of comprehensive patch management.

References

http://www.coresecurity.com/advisories/delphi-and-c-build...

x_refsource_MISC

http://seclists.org/fulldisclosure/2014/Sep/57

mailing-listx_refsource_FULLDISC

http://support.embarcadero.com/article/44015

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2014
Vulnerability Reserved
Jan 7, 2014

JSON