Bandisoft : Security Vulnerabilities, CVEs, CVSS score >= 8
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.
Max CVSS
9.8
EPSS Score
0.49%
Published
2022-04-01
Updated
2022-04-08
ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
Max CVSS
8.8
EPSS Score
0.20%
Published
2021-11-26
Updated
2021-11-30
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
Max CVSS
8.6
EPSS Score
0.07%
Published
2021-09-09
Updated
2021-09-22
3 vulnerabilities found