The main packages affected are Embarcadero C++Builder® XE6 Version 20.0.15596.9843 and Embarcadero Delphi XE6 Version 20.0.15596.9843.
Applications developed with Delphi and C++Builder that use the vulnerable integrated graphics library are prone to a security vulnerability when processing malformed BMP files. The vulnerability is in the VCL (Visual Component Library): a specially crafted BMP file produces a buffer overflow that potentially allows an attacker to execute arbitrary code by performing a “client side” attack.
Read the CoreLabs Security Advisory here: http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow