NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds...
High severity • Unreviewed • Published Aug 18, 2023 to the GitHub Advisory Database • Updated Apr 4, 2024
Description
Published by the National Vulnerability Database: Aug 18, 2023
NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested program, it's just something to demonstrate it works and for the user to see how to integrate it into their own programs."
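The missing check the description refers to, sketched as an added example; this is not NTSC-CRT's code. The names `bmp_checked_size` and `bmp_sample_header`, the 16384-pixel dimension cap and the accepted BPP values are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BMP_MAX_DIM 16384u /* assumed policy limit, not from the advisory */

/* Little-endian helpers for untrusted header bytes. */
static uint32_t rd32(const unsigned char *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(unsigned char *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* Validate width, height and BPP before any allocation or copy.
 * Returns 0 and sets *out to the pixel-data size, or -1 to reject. */
int bmp_checked_size(const unsigned char *f, size_t len, size_t *out) {
    if (len < 54 || f[0] != 'B' || f[1] != 'M') return -1;
    uint32_t off = rd32(f + 10), w = rd32(f + 18), h = rd32(f + 22);
    unsigned bpp = f[28] | (f[29] << 8);
    if (h & 0x80000000u) h = 0u - h;       /* negative height = top-down rows */
    if (bpp != 24 && bpp != 32) return -1; /* accepted depths are an assumption */
    if (w == 0 || w > BMP_MAX_DIM || h == 0 || h > BMP_MAX_DIM) return -1;
    /* 64-bit math: with both dimensions capped, this cannot wrap. */
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;
    uint64_t total = stride * h;
    if (off < 54 || off > len || total > len - off) return -1; /* data must fit in file */
    *out = (size_t)total;
    return 0;
}

/* Constructed sample: fill a 54-byte header with the given fields. */
void bmp_sample_header(unsigned char *f, uint32_t w, uint32_t h, unsigned bpp) {
    memset(f, 0, 54);
    f[0] = 'B'; f[1] = 'M';
    wr32(f + 10, 54); wr32(f + 14, 40);
    wr32(f + 18, w);  wr32(f + 22, h);
    f[26] = 1; f[28] = (unsigned char)bpp;
}

int main(void) {
    unsigned char file[54 + 16] = {0};
    size_t n = 0;
    bmp_sample_header(file, 2, 2, 24);           /* valid 2x2 image */
    printf("2x2:  %d\n", bmp_checked_size(file, sizeof file, &n));
    bmp_sample_header(file, 0x40000001u, 4, 32); /* w*h*4 would wrap in 32 bits */
    printf("huge: %d\n", bmp_checked_size(file, sizeof file, &n));
    return 0;
}
```

A loader would call the check first and size its allocation and copy loops from the returned value only.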