CVE-2019-5088
First published: Tue Nov 05 2019(Updated: )
An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sending the user a specially crafted BMP file.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Investintech Able2Extract | =14.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-5088.
What is the severity level of CVE-2019-5088?
CVE-2019-5088 has a severity level of 7.8, which is considered high.
Which software is affected by CVE-2019-5088?
Investintech Able2Extract Professional 14.0.7 x64 is affected by CVE-2019-5088.
How can CVE-2019-5088 be triggered?
CVE-2019-5088 can be triggered by sending a specially crafted BMP file.
How can the impact of CVE-2019-5088 be mitigated?
To mitigate the impact of CVE-2019-5088, it is recommended to update Investintech Able2Extract Professional to a version that includes a fix for the vulnerability.
- collector/nvd-index
- vendor/investintech
- canonical/investintech able2extract
- version/investintech able2extract/14.0.7