CVE-2019-6537
HIGH
WECON LeviStudioU <= 1.8.56 - Stack-based Buffer Overflow via Project File Parsing
Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson, working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References (2)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106861
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03
Scores
CVSS v3
7.8
EPSS
0.0190
EPSS Percentile
77.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
CWE-787
Status
published
Products (1)
we-con/levistudiou
< 1.8.56
Published
Feb 13, 2019
Tracked Since
Feb 18, 2026