CVE-2006-4024

Festalon < 0.5.5 - Denial of Service

Description

The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.

Exploits (1)

exploitdb · Working PoC · Verified
by Luigi Auriemma · cdosmultiple
https://www.exploit-db.com/exploits/28361

Scores

EPSS 0.0538
EPSS Percentile 90.1%

Details

Status published
Products (2)
festalon/festalon 0.5.0
festalon/festalon < 0.5.5
Published Aug 09, 2006
Tracked Since Feb 18, 2026