N/A

The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.

N/A

N/A

Festalon pce/hes.c程序 HES文件堆缓冲区溢出漏洞

利用Festalon 0.5.0至0.5.5版本的pce/hes.c程序中的FESTAHES_Load函数，用户辅助攻击者可借助HES文件中一个负LoadAddr值触发拒绝服务攻击，且有可能执行任意代码。此LoadAddr值用于memcpy操作的偏移地址，并导致缓冲区下溢。

N/A

N/A