[CORE-2014-0004] - Delphi and C++ Builder VCL library Buffer Overflow

Are the LMD Tools image components affected by this issue?
Embarcadero indicates they have a fix for Delphi XE6.

However, it is unclear if the LMD Tools components themselves are affected (they have the same problem in this code), or if they just need to be re-built with the fix applied to the IDE (because the problem is in Delphi Image handling).

1. *Advisory*

    Title: Delphi and C++ Builder VCL library Buffer Overflow

    Advisory ID: CORE-2014-0004

    Advisory URL:

    Date published: 2014-08-20

    Date of last update: 2014-08-20

    Vendors contacted: Embarcadero

    Release mode: Coordinated release

2. *Vulnerability Information*

    Class: Buffer overflow [CWE-119]

    Impact: Code execution

    Remotely Exploitable: No

    Locally Exploitable: Yes

    CVE Name: CVE-2014-0993

3. *Vulnerability Description*

    Applications developed with Delphi and C++ Builder [1] that use integrated graphic library detailed below are prone to a security vulnerability when processing malformed BMP files. The aforementioned vulnerability has been found in the VCL (Visual Component Library) allowing an attacker to use a specially crafted BMP file that produces a buffer overflow and potentially allows him to execute arbitrary code by performing a "client side" attack.

