Bandisoft ARK Library buffer overflow vulnerability

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

栈缓冲区溢出

Bandisoft ARK library 缓冲区错误漏洞

Bandisoft ARK library是韩国Bandisoft公司的一个解压Windows、macOS、Linux等各种OS环境中现有的ZIP、RAR、ALZ、EGG等大多数压缩格式的库，并创建ZIP/7Z格式的压缩文件。 Bandisoft ARK library 7.17之前的版本存在缓冲区错误漏洞，该漏洞源于在ark 库中校验文件大小的代码中数据类型使用错误，攻击者利用该漏洞可以执行远程代码。

N/A

N/A