CVE-2018-3999

An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.

An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.

Existe una vulnerabilidad explotable de desbordamiento de búfer basado en pila en el analizador JPEG de Atlantis Word Processor 3.2.5.0. Una imagen especialmente manipulada embebida en un documento puede provocar que una longitud se calcule erróneamente y se subdesborde. Esta longitud se trata como no firmada y, después, se utiliza en una operación de copia. Debido al subdesbordamiento de longitud, la aplicación escribirá fuera de los límites de un búfer de pila, lo que resulta en un desbordamiento de búfer. Un atacante debe convencer a una víctima para que abra un documento para provocar esta vulnerabilidad.