Buffer Overflow Vulnerability in Resource Hacker

Posted date 31/01/2024
Identifier
INCIBE-2024-0054
Importance
4 - High
Affected Resources
  • Resource Hacker, version 3.6.0.92.
Description

INCIBE has coordinated the publication of 1 high-severity vulnerability affecting Resource Hacker version 3.6.0.92, a resource editor for 32-bit and 64-bit Windows applications developed by Angus Johnson. The vulnerability was discovered by Rafael Pedrero.

This vulnerability has been assigned the following identifier, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-1112: 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | CWE-119.
Solution

Vulnerability fixed in version 5.2.1.

Detail

CVE-2024-1112: heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.
