CVE-2019-9136 HIGH

CVE-2019-9136

Vendor Humantalk Co,Ltd
Product DaviewIndy
Weakness CWE-122
Published April 25, 2019
Last update August 4, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Key dates

02Disclosure timeline

April 25, 2019 CVE published
August 4, 2024 Record updated