CVE-2023-39538
PUBLISHED
BRLY-LOGOFAIL-2023-016 · High · CVE-2023-39538
The BINARLY efiXplorer team has discovered an integer overflow in a memory allocation size that leads to out-of-bounds (OOB) write operations during PNG file processing in AMI firmware.
Risk Scores
EPSS Score: 0.01% · 1.9th percentile
Exploit Intelligence
- [BRLY-2023-006] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access. (binarly)
- https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf (circl)
- https://security.netapp.com/advisory/ntap-20240105-0003/ (circl)
- [BRLY-LOGOFAIL-2023-017] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access (binarly)
Timeline
- Dec 6, 2023 CVE Published
- Dec 7, 2023 EPSS Score
- Jan 5, 2024 EPSS Score
- Feb 4, 2024 EPSS Score
- Mar 4, 2024 EPSS Score
- Apr 3, 2024 EPSS Score
- May 2, 2024 EPSS Score
- Jun 1, 2024 EPSS Score
- Jun 30, 2024 EPSS Score
- Jul 30, 2024 EPSS Score
- Aug 28, 2024 EPSS Score
- Sep 27, 2024 EPSS Score
References
- [BRLY-2023-006] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access. advisory
- [BRLY-LOGOFAIL-2023-013] Memory contents leak / information disclosure vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-024] Memory Corruption vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-022] Memory Corruption vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-018] Memory Corruption vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-019] Memory Corruption vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-020] Memory Corruption vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-023] Memory Corruption vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-016] Memory Corruption vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-014] Out-of-bounds Read in DXE driver advisory
- [BRLY-LOGOFAIL-2023-015] Out-of-bounds Read in DXE driver advisory
- [BRLY-LOGOFAIL-2023-017] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access advisory
- Memory Corruption vulnerability in DXE driver. advisory