CVE-2019-5089

HIGH Year: 2019
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-190
View all →

Vulnerability Description

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file.

Related Vulnerabilities

CVE-2010-0129

HIGH
CVSS:8.8(High)

Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (ak...

CWE-1902010

CVE-2010-0130

HIGH
CVSS:8.8(High)

Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.

CWE-1902010

CVE-2010-2753

HIGH
CVSS:8.8(High)

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arb...

CWE-1902010

CVE-2011-3631

HIGH
CVSS:8.8(High)

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to b...

CWE-1902011

CVE-2012-5054

HIGH
CVSS:8.8(High)

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.

CWE-1902012

CVE-2014-4607

HIGH
CVSS:8.8(High)

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

CWE-1902014