Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7.
The vulnerability exists in the inflate.C file, which is part of the lv_img_png/PNGdec module responsible for decompression and decoding of PNG images. During processing of input data, its size is not checked before copying to the buffer, allowing data to be written beyond its boundaries (CWE-120, CWE-787). A specially crafted PNG file or data stream can trigger this overflow.
An attacker can cause memory areas outside the buffer to be overwritten, which may result in arbitrary code execution, application crash, or device destabilization. With a network vector and no required privileges or user interaction, the potential attack scope is very broad.
Software X-TRACK must be updated to a version higher than v2.7. Details of the fix are available in the vendor's references: https://github.com/FASTSHIFT/X-TRACK/pull/120
FASTSHIFT X-TRACK in all versions up to and including v2.7 (software in modules Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Red