VisiCut Stack Consumption Vulnerability Leading to Denial-of-Service

Vulnerability

A stack consumption vulnerability has been identified in VisiCut version 2.1 that allows a denial-of-service condition. The issue arises from insecure deserialization of XML documents containing nested set elements. Exploitation can be demonstrated with a crafted reference in such a document that triggers a StackOverflowError.

Impact

Exploitation causes a stack overflow, resulting in a denial of service: the application crashes and cannot be used until it is restarted.

Reproduction

To reproduce this vulnerability, create an XML document with nested set elements. Include a set element that references 'set[2]' to trigger the vulnerability. Save this XML file in a folder named 'settings', and compress the folder into a zip file. Then, upload the zip file using the 'FromFile' option in the VisiCut application.
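A pre-load check that a defender could run over an untrusted settings document before it is deserialized, added here as an example that is not VisiCut's own code: it resolves each relative reference and rejects any that points back at the referring element or one of its ancestors, which is the shape of document the advisory describes. The attribute name "reference" and the "../name[n]" path syntax are assumptions about the serialization format, which the page does not name; both sample documents are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape the advisory describes: nested <set> elements where
# one carries a reference back to an enclosing element. The "reference" attribute
# name and the "../name[n]" relative-path syntax are assumptions, not stated on the page.
CYCLIC_SAMPLE = (
    "<settings><set><set/>"
    '<set><set reference="../../set[2]"/></set>'
    "</set></settings>"
)
# Constructed benign document: the reference points at a sibling, not an ancestor.
BENIGN_SAMPLE = '<settings><set><set/><set reference="../set[1]"/></set></settings>'

STEP_RE = re.compile(r"^([A-Za-z_][\w.\-]*)(?:\[(\d+)\])?$")

def resolve_relative(node, parent_map, path):
    """Walk a relative path ('..' = parent, 'name[n]' = n-th child) from node."""
    current = node
    for step in path.split("/"):
        if step in ("", "."):
            continue
        if step == "..":
            current = parent_map.get(current)
        else:
            match = STEP_RE.match(step)
            if match is None:
                return None
            name, index = match.group(1), int(match.group(2) or 1)
            children = [c for c in current if c.tag == name]
            current = children[index - 1] if 0 < index <= len(children) else None
        if current is None:
            return None  # path leaves the document or names a missing child
    return current

def find_cyclic_references(xml_text, attr="reference"):
    """Return the references that resolve to the referring node or one of its ancestors."""
    root = ET.fromstring(xml_text)
    parent_map = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for node in root.iter():
        ref = node.get(attr)
        target = resolve_relative(node, parent_map, ref) if ref else None
        cursor = node
        while target is not None and cursor is not None:  # climb the ancestor chain
            if cursor is target:
                findings.append(ref)
                break
            cursor = parent_map.get(cursor)
    return findings
```

A loader would refuse the document when `find_cyclic_references` returns a non-empty list, before any deserializer sees it.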

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.