CVE-2024-45870 PoC — Bandisoft BandiView Security Vulnerability

Associated Vulnerability
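Title: Bandisoft BandiView Security Vulnerability (CVE-2024-45870)
Description: Bandisoft BandiView is an image viewer and editor from the South Korean company Bandisoft. Bandisoft BandiView version 7.05 contains a security vulnerability: it is vulnerable to incorrect access control in sub_0x3d80fc via a crafted PoC file.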
Description
CVE-2024-45870, CVE-2024-45871, CVE-2024-45872 | Bandiview 7.05 Vuln PoC
Readme
# Bandiview-7.05-Vuln-PoC
We tried fuzzing against Bandiview-7.05 and were able to find a few vulnerabilities.

- [CVE-2024-45870](https://nvd.nist.gov/vuln/detail/CVE-2024-45870) ( JXR File Parsing DoS Vulnerability )
- [CVE-2024-45871](https://nvd.nist.gov/vuln/detail/CVE-2024-45871) ( PSD File Parsing DoS Vulnerability )
- [CVE-2024-45872](https://nvd.nist.gov/vuln/detail/CVE-2024-45872) ( PSD File Parsing Stack Buffer Overflow )

### Details
- Software: [BandiView](https://kr.bandisoft.com/bandiview/)
- Version: v7.05 (2024/7/15, BuildNo=26122)

### Credit
- JaeHo Cho ( @Jaecho6053 )
- SongHyun Bae ( @bshyuunn )
- JunSeo Bae ( @V0xe1 )
- LeeDong Ha ( @GAP-dev )
File Snapshot

[4.0K] /data/pocs/1f6d8707062b9442c2fa57b643eabe480dca4fca
├── [4.0K] CVE-2024-45870
│   ├── [187K] PoC.jxr
│   └── [ 1] README.md
├── [4.0K] CVE-2024-45871
│   ├── [1.4K] PoC.psd
│   └── [ 1] README.md
├── [4.0K] CVE-2024-45872
│   ├── [1.4K] PoC.psd
│   └── [ 1] README.md
└── [ 674] README.md

3 directories, 7 files