CVE-2024-43700 – Ubuntu Security Notice USN-7192-1

https://notcve.org/view.php?id=CVE-2024-43700

29 Aug 2024 — xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment. It was discovered that xfpt did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the applicatio... • https://github.com/PhilipHazel/xfpt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •