CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4024

The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.054

EPSS Ranking 89.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://aluigi.altervista.org/adv/festahc-adv.txt
http://secunia.com/advisories/21367
http://www.securityfocus.com/bid/19402
http://www.vupen.com/english/advisories/2006/3177
http://aluigi.altervista.org/adv/festahc-adv.txt
http://secunia.com/advisories/21367
http://www.securityfocus.com/bid/19402
http://www.vupen.com/english/advisories/2006/3177

Products affected by CVE-2006-4024

Festalon » Festalon » Version: Any

cpe:2.3:a:festalon:festalon:*
Festalon » Festalon » Version: 0.5.0

cpe:2.3:a:festalon:festalon:0.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4024

Products

Pricing

Contact Us