SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
References
Link | Resource |
---|---|
https://www.scintilla.org/ScintillaHistory.html | Release Notes Vendor Advisory |
https://notepad-plus-plus.org/download/v7.7.html | Release Notes Vendor Advisory |
https://github.com/bi7s/CVE/tree/master/CVE-2019-16294 | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/154706/Notepad-Code-Execution-Denial-Of-Service.html | Third Party Advisory VDB Entry |
Information
Published : 2019-09-14 09:15
Updated : 2023-02-28 11:38
NVD link : CVE-2019-16294
Mitre link : CVE-2019-16294
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
notepad-plus-plus
- notepad\+\+
scintilla
- scintilla