Overview
Embarcadero Delphi and C++ Builder Visual Component Library (VCL) bitmap (BMP) file processing code contains a buffer overflow that could allow an attacker to execute arbitrary code.
Description
Embarcadero Delphi and C++ Builder tools contain a buffer overflow (CWE-119) in VCL BMP file processing code (Vcl.Graphics.TPicture.Bitmap). Core Security Technologies advisory CORE-2014-0004 provides further details, including more specific information about vulnerable development tools. Any application built with a vulnerable VCL version is likely to also be vulnerable.
Impact
An attacker who can cause a vulnerable application to process a specially crafted BMP file could execute arbitrary code. Whether or not the attacker is remote or authenticated depends on the interfaces and behavior of the vulnerable application.
Solution
Update
Embarcadero has released a hotfix for XE6-series tools and provided documentation for older tools on how to modify VCL source code.
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Temporal | 6.8 | E:POC/RL:ND/RC:C |
Environmental | 5.1 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow
- http://docwiki.embarcadero.com/Libraries/XE6/en/Vcl.Graphics.TPicture.Bitmap
- http://qc.embarcadero.com/wc/qcmain.aspx?d=126004
- http://support.embarcadero.com/article/44015
- http://cwe.mitre.org/data/definitions/119.html
Acknowledgements
Thanks to Marcos Accossatto and Joaquín Rodríguez Varela from Core Security Technologies and Mike Devery from Embarcadero.
This document was written by Art Manion.
Other Information
CVE IDs: CVE-2014-0993
Date Public: 2014-08-20
Date First Published: 2014-09-11
Date Last Updated: 2014-12-12 16:24 UTC
Document Revision: 28