Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer.

Related CVEs

CVE-2022-3379

Key Information

GHSA ID

GHSA-q4w7-f882-h6hc

Published

October 28, 2022 12:00 PM

Last Modified

October 31, 2022 7:00 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.