Description
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.
References (1)
Core 1
Core References
Broken Link, Third Party Advisory x_refsource_misc
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747
Scores
CVSS v3
7.8
EPSS
0.0076
EPSS Percentile
73.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-843
CWE-121
Status
published
Products (1)
bandisoft/ark_library
< 7.17
Published
Jun 02, 2022
Tracked Since
Feb 18, 2026