Severity
Medium
Analysis Summary
CVE-2019-10982
Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. The application does not validate user input before copying data from project files onto the heap.
CVE-2019-10992
Multiple out-of-bounds read vulnerabilities may cause information disclosure because user input is not validated when project files are processed.
Impact
Affected Vendors
Delta Electronics
Affected Products
CNCSoft ScreenEditor
Remediation
The vendor recommends updating to the latest version of ScreenEditor, Version 1.00.94.