How severe is CVE-2023-40238?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-40238?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2023-40238 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.

Related Vulnerabilities

CVE-2002-1696

MEDIUM

CVSS:5.5(Medium)

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Alwa...

CWE-3122002

CVE-2005-2209

MEDIUM

CVSS:5.5(Medium)

Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.

CWE-3122005

CVE-2008-1567

MEDIUM

CVSS:5.5(Medium)

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive info...

CWE-3122008

CVE-2009-1466

MEDIUM

CVSS:5.5(Medium)

Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.

CWE-3122009

CVE-2011-2916

MEDIUM

CVSS:5.5(Medium)

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key us...

CWE-3122011

CVE-2015-1931

MEDIUM

CVSS:5.5(Medium)

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pla...

CWE-3122015