CVE-2024-22526

MEDIUM

Bandisoft BandiView 7.0 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-22526. PoCs published by 200101WhoAmI.

AI-analyzed exploit summary This repository provides a brief overview of CVE-2024-22526, a buffer overflow vulnerability in Bandisoft BandiView v7.0 that allows local attackers to cause a denial of service (DoS) via a crafted EXR image file. It references external advisories and update notes but lacks detailed technical analysis or exploit code.

Description

Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file.

Exploits (1)

nomisec WRITEUP

by 200101WhoAmI · poc

https://github.com/200101WhoAmI/CVE-2024-22526

View Code ZIP pw:eip

This repository provides a brief overview of CVE-2024-22526, a buffer overflow vulnerability in Bandisoft BandiView v7.0 that allows local attackers to cause a denial of service (DoS) via a crafted EXR image file. It references external advisories and update notes but lacks detailed technical analysis or exploit code.

Classification

Writeup 80%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: BandiView v7.0

No auth needed

Prerequisites: Local access to the target system · Ability to deliver a crafted EXR file

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory

https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3

Scores

CVSS v3 5.5

EPSS 0.0041

EPSS Percentile 32.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

bandisoft/bandiview 7.0

Published Apr 12, 2024

Tracked Since Feb 18, 2026