본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2019-9135, 9136, 9137, 9138, 9139 | DaviewIndy Multiple Overflow Vulnerability2019.04.08
□ Overview
 o HumanTalk Co,Ltd release security update to address a multiple overflow vulnerability in DaviewIndy.
Vulnerability Type Impact Severity CVE ID
Heap Overflow Code Execution High CVE-2019-9135
Heap Overflow Code Execution High CVE-2019-9136
Integer Overflow Code Execution High CVE-2019-9137
Integer Overflow Code Execution High CVE-2019-9138
Integer Overflow Code Execution High CVE-2019-9139


□ 설명
o DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. (CVE-2019-9135, 9136)
 o DaviewIndy has a Integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. (CVE-2019-9137, 9138, 9139)

□ Affected Product

Product Version
DaviewIndy 8.98.7 or lower


□ Solution
 o Update software over DaviewIndy 8.98.8 0version or higher.