CVE-2014-0994

Embarcadero Delphi and C++ Builder XE6 - Heap-Based Buffer Overflow via BMP BITMAPINFOHEADER.biClrUsed Field

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent attackers to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0993.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Sep/57
Exploit, Vendor Advisory x_refsource_confirm
http://support.embarcadero.com/article/44015

Scores

EPSS 0.0276
EPSS Percentile 84.5%

Details

CWE
CWE-119
Status published
Products (2)
embarcadero/embarcadero_c\+\+builder_xe6 20.0.15596.9843
embarcadero/embarcadero_delphi_xe6 20.0.15596.9843
Published Oct 06, 2014
Tracked Since Feb 18, 2026