Delphi and C++ Builder VCL library Buffer Overflow

The main packages affected are Embarcadero C++Builder® XE6 Version 20.0.15596.9843 and Embarcadero Delphi XE6 Version 20.0.15596.9843.

Applications developed with Delphi and C++ Builder that use the vulnerable integrated graphics library are prone to a security vulnerability when processing malformed BMP files. The vulnerability is in the VCL (Visual Component Library): a specially crafted BMP file produces a buffer overflow and potentially allows an attacker to execute arbitrary code through a “client side” attack.

Read the CoreLabs Security Advisory here: http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow
