The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.05379
Percentile: 0.89661

CVSS Scoring

Affected Products

• cpe:2.3:a:festalon:festalon:*:*:*:*:*:*:*:*
• cpe:2.3:a:festalon:festalon:0.5.0:*:*:*:*:*:*:*

← Back to Home