improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5.
The vulnerability results from incorrect arithmetic operations on pointers in the application code, which can lead to reading or writing memory outside of designated areas. Incorrect pointer address calculations can result in memory corruption in a way that can be exploited by an attacker. Due to the network vector (AV:N) and lack of authentication requirements (PR:N) and user interaction (UI:N), the exploit can be conducted remotely and without any prerequisites.
An attacker can gain full control over the vulnerable system, including violations of confidentiality, integrity, and availability of data — which corresponds to the highest ratings for all three components in the CVSS vector.
SkyFire_548 should be updated to version 5.4.8-stable5 or later. Details are available in the vendor references: https://github.com/cadaver/turso3d/pull/11
ProjectSkyfire SkyFire_548 in all versions prior to 5.4.8-stable5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H