Double Free Vulnerability in SAP Crystal Reports by SAP
CVE-2014-5506

Currently unrated

Key Information:

Vendor: SAP
Status: Crystal Reports
Vendor: CVE Published:; 4 September 2014

Summary

A double free vulnerability exists within SAP Crystal Reports that can be exploited by remote attackers. By crafting a malicious connection string record within an RPT file, an attacker can manipulate memory allocation, allowing the execution of arbitrary code on affected systems. This weakness highlights the importance of proper memory management and validation in handling user inputs and file processing.

References

https://service.sap.com/sap/support/notes/1999142

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-14-302/

x_refsource_MISC

http://scn.sap.com/docs/DOC-8218

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 4, 2014
Vulnerability Reserved
Aug 28, 2014