CVE-2012-10057

Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on the stack. This can result in arbitrary code execution under the context of the user who opens the file. The vulnerability is triggered locally by opening a malicious .xcf file and does not require elevated privileges.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb
https://web.archive.org/web/20121014002756/http://secunia.com/advisories/48740/
https://www.exploit-db.com/exploits/18947
https://www.exploit-db.com/exploits/18947
https://www.latticesemi.com/ispvm
https://www.vulncheck.com/advisories/lattice-semiconductor-ispvm-system-xcf-file-handling-buffer-overflow

Configurations

No configuration.

History

13 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 21:15

Updated : 2025-08-14 15:15

NVD link : CVE-2012-10057

Mitre link : CVE-2012-10057

JSON object : View

Products Affected

No product.

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb", "name": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb", "tags": [], "refsource": ""}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb", "name": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb", "tags": [], "refsource": ""}, {"url": "https://web.archive.org/web/20121014002756/http://secunia.com/advisories/48740/", "name": "https://web.archive.org/web/20121014002756/http://secunia.com/advisories/48740/", "tags": [], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/18947", "name": "https://www.exploit-db.com/exploits/18947", "tags": [], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/18947", "name": "https://www.exploit-db.com/exploits/18947", "tags": [], "refsource": ""}, {"url": "https://www.latticesemi.com/ispvm", "name": "https://www.latticesemi.com/ispvm", "tags": [], "refsource": ""}, {"url": "https://www.vulncheck.com/advisories/lattice-semiconductor-ispvm-system-xcf-file-handling-buffer-overflow", "name": "https://www.vulncheck.com/advisories/lattice-semiconductor-ispvm-system-xcf-file-handling-buffer-overflow", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on the stack. This can result in arbitrary code execution under the context of the user who opens the file. The vulnerability is triggered locally by opening a malicious .xcf file and does not require elevated privileges."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-10057", "ASSIGNER": "disclosure@vulncheck.com"}}, "impact": {}, "publishedDate": "2025-08-13T21:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-14T15:15Z"}