CVE-2014-0994
Embarcadero Delphi and C++ Builder XE6 - Heap-Based Buffer Overflow via BMP BITMAPINFOHEADER.biClrUsed Field
Title source: llmDescription
Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent attackers to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0993.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-heap-buffer-overflow
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Sep/57
Exploit, Vendor Advisory x_refsource_confirm
http://support.embarcadero.com/article/44015
Scores
EPSS
0.0276
EPSS Percentile
84.5%
Details
CWE
CWE-119
Status
published
Products (2)
embarcadero/embarcadero_c\+\+builder_xe6
20.0.15596.9843
embarcadero/embarcadero_delphi_xe6
20.0.15596.9843
Published
Oct 06, 2014
Tracked Since
Feb 18, 2026