CVE-2026-24823
Unknown Unknown - Not Provided
Out-of-Bounds Write in FASTSHIFT X-TRACK inflate.C Module

Publication date: 2026-01-27

Last updated on: 2026-01-27

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-27
Last Modified
2026-01-27
Generated
2026-06-16
AI Q&A
2026-01-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24823
EUVD
EUVD-2026-4804
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fastshift x-track to 2.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a classic buffer overflow in the FASTSHIFT X-TRACK software, specifically in the inflate() function used for decompressing gzip data. The issue arises because the function did not properly check the size of the input when processing the gzip header extra field. If the extra field size exceeded the buffer space allocated by the user, and multiple calls to inflate() delivered the extra header data, it could cause an out-of-bounds write by overflowing the buffer. This happens because the code was cloned from the zlib library but missed a critical security patch that prevents such overflows. [1]

Impact Analysis

This vulnerability can lead to a buffer overflow, which may allow an attacker to overwrite memory beyond the allocated buffer. This can result in arbitrary code execution, crashes, or other unpredictable behavior, potentially compromising the security and stability of the system running FASTSHIFT X-TRACK. Because the CVSS base score is 10.0, it indicates a critical impact with no required privileges or user interaction, making it highly exploitable remotely. [1]

Detection Guidance

Detection of this vulnerability involves checking if the affected version of FASTSHIFT X-TRACK (through v2.7) is in use and whether the vulnerable inflate() function is processing gzip headers with extra fields that could cause buffer overflow. Since the vulnerability is in the inflate() function handling gzip header extra fields, you can monitor for crashes or abnormal behavior during decompression of gzip files. Specific commands are not provided in the resources. However, you can verify the version of X-TRACK installed and check if the patch from pull request #120 has been applied. For example, you might use commands to check the software version or inspect the source code for the patch. No explicit detection commands are given. [1]

Mitigation Strategies

The immediate mitigation step is to apply the security patch from pull request #120, which fixes the buffer overflow in the inflate() function by incorporating the critical security patch originally applied to zlib. This patch ensures that the buffer space provided by the user is not exceeded during decompression. If updating is not immediately possible, avoid processing untrusted gzip files with extra header fields using the vulnerable version of FASTSHIFT X-TRACK. Upgrading to a version that includes this fix or applying the patch manually is recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24823. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart