Visual truncation vulnerability in WinImage 8.10 and...
High severity
Unreviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Sep 18, 2007
Published to the GitHub Advisory Database
May 1, 2022
Last updated
Jan 31, 2023
Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a careful user into overwriting arbitrary files.
References