CVE-2025-63701
BaseFortify
Publication date: 2025-11-14
Last updated on: 2025-11-18
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advantech | tp-3250_printer_driver | 0.3.9200.20789 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap corruption issue in the Advantech TP-3250 printer driver, specifically in the DrvUI_x64_ADVANTECH.dll file. It occurs when the DocumentPropertiesW() function is called with a valid dmDriverExtra value but an output buffer that is smaller than expected. The driver mistakenly assumes the output buffer size matches the input buffer size, which leads to invalid memory operations and heap corruption.
How can this vulnerability impact me? :
The vulnerability can cause denial of service by crashing applications that use the affected driver. Additionally, it has the potential to allow code execution in user space, which could be exploited by an attacker with local access to the system.