GCC Productions Fade In Out-of-Bounds Write Vulnerability in XML Parser

Vulnerability

An out-of-bounds write vulnerability has been identified in GCC Productions Inc. Fade In version 4.2.0. The issue is in the XML parser, which improperly handles the 'builtin_index' property in .fadein files (ZIP files containing embedded XML). If the property is missing or set to a negative value, the parser uses the negative index to access and write memory, leading to memory corruption.
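The class of check that prevents this kind of write, shown as an added example (not Fade In's code, which is not public on this page). The table, its size, the struct and the function names are hypothetical, and it assumes a missing attribute reaches the parser as a NULL string.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

#define BUILTIN_COUNT 8   /* assumed size of the built-in table (hypothetical) */

struct builtin_slot { int in_use; };                  /* hypothetical record */
static struct builtin_slot g_builtins[BUILTIN_COUNT];

/* Convert the raw attribute text into a validated table index.
 * attr is NULL when the XML element carries no builtin_index attribute.
 * Returns 0 and stores the index on success, -1 on any invalid input. */
int parse_builtin_index(const char *attr, size_t count, size_t *out)
{
    char *end = NULL;
    long v;

    if (attr == NULL || *attr == '\0')
        return -1;                  /* missing: reject, never fall back to -1 */
    errno = 0;
    v = strtol(attr, &end, 10);
    if (end == attr || *end != '\0' || errno == ERANGE)
        return -1;                  /* not a clean decimal integer */
    if (v < 0 || (unsigned long)v >= count)
        return -1;                  /* negative, or past the end of the table */
    *out = (size_t)v;
    return 0;
}

/* The write happens only after validation. An unchecked signed index
 * (for example a -1 "not found" default used directly as a subscript)
 * would write before the start of the array and corrupt adjacent memory. */
int mark_builtin(const char *attr)
{
    size_t idx;

    if (parse_builtin_index(attr, BUILTIN_COUNT, &idx) != 0)
        return -1;                  /* caller should fail the file load */
    g_builtins[idx].in_use = 1;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a negative value is refused, an in-range one accepted. */
    return (mark_builtin("-1") == -1 && mark_builtin("2") == 0) ? 0 : 1;
}
```

Rejecting the file on a bad index, rather than clamping it to 0, keeps a malformed document from silently selecting an unrelated table entry.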

Impact

Exploitation of this vulnerability causes memory corruption, which can potentially be leveraged for arbitrary code execution.

Reproduction

To reproduce this vulnerability, create a .fadein file that omits the 'builtin_index' property or sets it to a negative value. When this file is opened in Fade In 4.2.0, the XML parser will trigger the out-of-bounds write by using the negative index to access memory, causing a crash due to an access violation.

Remediation

Users are advised to update to the patched version of Fade In, which is available on the official Fade In website.

Added: Oct 28, 2025, 2:17 PM
Updated: Oct 28, 2025, 2:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 0.0
relevance: 0.8
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.