CVE ID | CVE-2017-4911 |
CVSS SCORE | 6.9, AV:L/AC:M/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS |
ThinPrint |
AFFECTED PRODUCTS |
ThinPrint |
VULNERABILITY DETAILS |
The specific flaw exists within JPEG2000 parsing. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS.
|
ADDITIONAL DETAILS |
ThinPrint has issued an update to correct this vulnerability. More details can be found at:
https://www.vmware.com/security/advisories/VMSA-2017-0008.html |
DISCLOSURE TIMELINE |
|
CREDIT | Ke Liu of Tencent's Xuanwu LAB |