CVE-2025-34123
BaseFortify
Publication date: 2025-07-16
Last updated on: 2025-07-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| videocharge | studio | 2.12.3.685 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in VideoCharge Studio version 2.12.3.685. It happens when the software processes a specially crafted .VSC configuration file that contains malicious data in the XML 'Name' attribute. This improper handling leads to an SEH (Structured Exception Handler) overwrite, allowing an attacker to execute arbitrary code by tricking a user into opening the malicious file.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system with the same privileges as the user who opens the malicious .VSC file. This could lead to unauthorized actions such as installing malware, stealing data, or taking control of the affected system.