Analysis Summary

CVE-2023-40031 CVSS:7.8

Notepad++ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Utf8_16_Read::convert component. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2023-40036 CVSS:5.5

Notepad++ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the CharDistributionAnalysis::HandleOneChar component. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and leak internal memory allocation information.

CVE-2023-40164 CVSS:5.5

Notepad++ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the nsCodingStateMachine::NextStater component. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and leak internal memory allocation information.

CVE-2023-40166 CVSS:5.5

Notepad++ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the FileManager::detectLanguageFromTextBegining component. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and leak internal memory allocation information.

Impact

• Gain Access
• Buffer Overflow

Indicators of Compromise

CVE

• CVE-2023-40031
• CVE-2023-40036
• CVE-2023-40164
• CVE-2023-40166

Affected Vendors

Remediation

Refer to Notepad++ Website for patch, upgrade, or suggested workaround information.

Notepad++ Website