The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Delphi

vulnerability alert CVE-2014-0994

Embarcadero Delphi: buffer overflow of VCL

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the VCL library of Embarcadero Delphi, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Delphi.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/09/2014.
Identifiers: CORE-2014-0006, CVE-2014-0994, VIGILANCE-VUL-15361.

Description of the vulnerability

The Embarcadero Delphi product provides a VCL (Visual Component Library) library to handle BMP images.

However, the number of colors in the image is not checked. An excessive value leads to an overflow while processing the color palette.

An attacker can therefore generate a buffer overflow in the VCL library of Embarcadero Delphi, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2014-0993

Embarcadero Delphi: buffer overflow of VCL

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the VCL library of Embarcadero Delphi, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Delphi.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/08/2014.
Identifiers: CORE-2014-0004, CVE-2014-0993, VIGILANCE-VUL-15211, VU#646748.

Description of the vulnerability

The Embarcadero Delphi product provides a VCL (Visual Component Library) library to handle BMP images.

However, the number of colors in the image is not checked. An excessive value leads to an overflow while processing the color palette.

An attacker can therefore generate a buffer overflow in the VCL library of Embarcadero Delphi, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Delphi: