Terra Informatica Sciter Information Disclosure Vulnerability in Video Rendering Component
Vulnerability
A vulnerability in Terra Informatica Software, Inc. Sciter version 4.4.7.0 allows local attackers to access sensitive information. The issue arises from an unsound implementation in the video rendering component, where raw pointers can be manipulated to cause undefined behavior and potentially expose private data.
Impact
Exploitation of this vulnerability could lead to undefined behavior and allow improper access to sensitive information.
Reproduction
The vulnerability can be reproduced by creating a pointer to a byte-sized variable and then using the `AssetPtr::adopt` method to pass it as a pointer to a type that is larger, such as `iasset`. This misalignment causes the pointer to be dereferenced incorrectly, leading to out-of-bounds access and undefined behavior.
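The unsound API shape described above, next to a hardened one, as an added Rust model that is not Sciter's own code. `IAssetModel`, `UnsoundPtr`, `SoundPtr` and `cast_fits` are hypothetical stand-ins, and the `iasset` layout is assumed.

```rust
use std::mem::{align_of, size_of};

/// Stand-in for the larger `iasset` type; this layout is an assumption.
#[repr(C)]
pub struct IAssetModel {
    pub vtbl: usize,
    pub refs: u32,
}

/// Unsound shape: a *safe* constructor that trusts any raw pointer it is given.
pub struct UnsoundPtr<T> { ptr: *mut T }
impl<T> UnsoundPtr<T> {
    pub fn adopt(ptr: *mut T) -> Self { UnsoundPtr { ptr } }
    // Safe signature, unchecked dereference: UB when `ptr` was cast from a smaller object.
    pub fn get(&self) -> &T { unsafe { &*self.ptr } }
}

/// Hardened shape: the safe path owns a real `T`; the raw-pointer path is `unsafe fn`.
pub struct SoundPtr<T> { inner: Box<T> }
impl<T> SoundPtr<T> {
    pub fn from_box(b: Box<T>) -> Self { SoundPtr { inner: b } }
    /// # Safety
    /// `ptr` must come from `Box::<T>::into_raw` and must not be used afterwards.
    pub unsafe fn adopt(ptr: *mut T) -> Self {
        SoundPtr { inner: unsafe { Box::from_raw(ptr) } }
    }
    pub fn get(&self) -> &T { &self.inner }
}

/// True only if storage for a `Src` is large and aligned enough to back a `Dst`.
pub fn cast_fits<Src, Dst>() -> bool {
    size_of::<Src>() >= size_of::<Dst>() && align_of::<Src>() >= align_of::<Dst>()
}

fn main() {
    // The cast from the reproduction: one byte standing in for a larger object.
    println!("u8 -> IAssetModel fits: {}", cast_fits::<u8, IAssetModel>());
    let p = SoundPtr::from_box(Box::new(IAssetModel { vtbl: 0, refs: 1 }));
    println!("refs = {}", p.get().refs);
}
```

With the raw-pointer constructor marked `unsafe`, the byte-to-`iasset` cast can no longer be reached from safe code, so the caller has to take responsibility for the pointer's size and alignment.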
