IRAI Automgen Use-After-Free Vulnerability Leading to Remote Denial-of-Service

Vulnerability

A use-after-free vulnerability has been identified in IRAI Automgen versions through 8.0.0.7 (also known as 8.022). The issue arises in project file handling, where certain malformed fields can cause an object to be freed and then dereferenced through the resulting dangling pointer. An attacker can exploit this to manipulate an indirect call via memory they control, causing a denial-of-service. In some cases, remote code execution may also be possible.

Impact

Exploitation of this vulnerability causes a denial-of-service condition. However, under certain circumstances, it may also allow for remote code execution.

Reproduction

The vulnerability can be reproduced by creating a project file that includes malformed fields, such as an oversized embedded zip archive or specific counters. When this file is processed, the application will free an object and then dereference the stale pointer, leading to the use-after-free condition.
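
The free-then-dereference pattern described above, shown with the two safeguards that prevent it, as an added C example. It is not Automgen code: the record layout, field names and functions are hypothetical, and the malformed length value is constructed.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical record type: none of these names come from Automgen. */
typedef struct record {
    int (*render)(const struct record *); /* indirect call target */
    uint32_t archive_len;                 /* length field read from the file */
} record_t;

static int render_ok(const record_t *r) { (void)r; return 0; }

/* Free the record AND clear the owner's slot, so no dangling pointer survives. */
static void record_release(record_t **slot) {
    free(*slot);
    *slot = NULL;
}

/* Parse one record. declared_len is the file-controlled field, remaining is
 * the number of bytes actually left in the file.
 * Returns 0 on success, -1 on a malformed field (the slot is then NULL). */
int load_record(record_t **slot, uint32_t declared_len, size_t remaining) {
    record_t *r = calloc(1, sizeof *r);
    if (r == NULL) return -1;
    *slot = r;                 /* the project now references the record */
    r->render = render_ok;
    if (declared_len > remaining) {
        /* The flawed pattern is a bare free(r) here: *slot would keep
         * pointing at freed memory, and a later call through render would
         * use whatever data occupies that chunk by then. */
        record_release(slot);
        return -1;
    }
    r->archive_len = declared_len;
    return 0;
}

/* Dispatch refuses to call through an empty slot. */
int render_record(record_t **slot) {
    if (*slot == NULL) return -1;
    return (*slot)->render(*slot);
}

int main(void) {
    record_t *slot = NULL;
    int rc = load_record(&slot, 0xFFFFFFFFu, 64); /* constructed malformed field */
    /* Expect: field rejected, slot cleared, dispatch refused. */
    return (rc == -1 && slot == NULL && render_record(&slot) == -1) ? 0 : 1;
}
```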

Added: Nov 12, 2025, 11:09 PM
Updated: Nov 12, 2025, 11:09 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.7
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.