This issue is addressed by updating the length check in this code. Google Project Zero researchers have also published a detailed guide on how to exploit this vulnerability.

It is highly recommended to upgrade your OTFCC software as soon as possible.

CVE-2019-3730: OTFCC has been found to be vulnerable to a buffer overflow via the following URL: /admin/otfccupload+0x286164. This issue is addressed in version 2.5.5.

CVE-2019-3729: OTFCC has a stack-based buffer overflow via the following URL: /admin/otfccupload+0x2d65e. This issue is addressed in version 2.5.5.

CVE-2019-3728: OTFCC has a heap-based buffer overflow via the following URL: /admin/otfccupload+0x3b57b. This issue is addressed in version 2.5.5.

CVE-2019-3727: OTFCC has a stack-based buffer overflow via the following URL: /admin/otfccupload+0x25e5f. This issue is addressed in version 2.5.5.

CVE-2019-3726: OTFCC has a heap-based buffer overflow via the following URL: /admin/otfccupload+0x4f4e. This issue is addressed in version 2.5.5.

Timeline

Published on: 10/14/2022 12:15:00 UTC
Last modified on: 10/15/2022 02:14:00 UTC