Vulnerabilities > Idemia > Visionpass Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-15 | CVE-2023-33222 | Out-of-bounds Write vulnerability in Idemia products When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. | 9.8 |
| 2023-12-15 | CVE-2023-33221 | Out-of-bounds Write vulnerability in Idemia products When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. | 9.8 |
| 2023-12-15 | CVE-2023-33220 | Out-of-bounds Write vulnerability in Idemia products During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. | 9.8 |
| 2023-12-15 | CVE-2023-33219 | Out-of-bounds Write vulnerability in Idemia products The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. | 9.8 |
| 2023-12-15 | CVE-2023-33218 | Out-of-bounds Write vulnerability in Idemia products The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. | 9.8 |