Vulnerabilities > CVE-2018-3860 - Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Talos
id | TALOS-2018-0544 |
last seen | 2019-05-29 |
published | 2018-07-19 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0544 |
title | ACD Systems Canvas Draw 4 Resolution_Set Out of Bounds Write Code Execution Vulnerability |