Code-Projects Album Management System Stack-Based Buffer Overflow Vulnerability
Vulnerability
A critical stack-based buffer overflow vulnerability has been identified in Code-Projects Album Management System version 1.0. The issue arises in the 'searchalbum' function of the Search Albums component, where 'scanf' reads input into a fixed-size buffer without any length validation. Exploitation requires local access and could lead to arbitrary code execution or a program crash.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to memory corruption, program crashes, or arbitrary code execution.
Reproduction
To reproduce this vulnerability, access the 'searchalbum' function in the application. When prompted, enter a payload that exceeds the buffer limit of 20 bytes, for example a string of characters that significantly surpasses the allocated buffer size. After the payload is entered, an 'EXCEPTION_ACCESS_VIOLATION' error indicates that the buffer overflow was triggered and caused a crash.
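The unbounded read described above, next to a bounded replacement, as an added example that is not the project's source code. The 20-byte size comes from the advisory; `read_field`, `search_unbounded` and `ALBUM_NAME_MAX` are hypothetical names, and the unbounded pattern is reconstructed from the description only.

```c
#include <stdio.h>
#include <string.h>

#define ALBUM_NAME_MAX 20 /* buffer size given in the advisory */

#ifdef SHOW_VULNERABLE_PATTERN
/* Pattern the advisory describes (reconstructed, not the project's source):
 * "%s" carries no width, so scanf writes past name[19] on longer input. */
static void search_unbounded(void)
{
    char name[ALBUM_NAME_MAX];
    if (scanf("%s", name) == 1)
        printf("searching for %s\n", name);
}
#endif

/* Bounded read of one line into out[cap].
 * Returns 0 on success, -1 on EOF or error, -2 if the line did not fit
 * (the rest of the line is drained so it cannot feed the next prompt). */
int read_field(FILE *in, char *out, size_t cap)
{
    if (cap == 0 || fgets(out, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(out);
    if (len > 0 && out[len - 1] == '\n') {
        out[len - 1] = '\0';
        return 0;
    }
    int c = fgetc(in); /* no newline stored: buffer full, or EOF */
    if (c == '\n' || c == EOF)
        return 0;
    while (c != '\n' && c != EOF)
        c = fgetc(in);
    out[0] = '\0'; /* reject rather than search on a truncated name */
    return -2;
}

int main(void)
{
    char name[ALBUM_NAME_MAX];
    printf("Album name: ");
    fflush(stdout);
    int rc = read_field(stdin, name, sizeof name);
    if (rc == -2)
        fprintf(stderr, "name longer than %d characters\n", ALBUM_NAME_MAX - 1);
    else if (rc == 0)
        printf("searching for %s\n", name);
    return rc == 0 ? 0 : 1;
}
```

A width-limited `scanf("%19s", name)` also stays inside the buffer, but it stops at the first space and leaves the excess input queued for the next read, which is why the example reads whole lines instead.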
