CVE-2023-52389
conan/poco
Integer Overflow or Wraparound
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.
All versions before 1.11.8, all versions starting from 1.12.0 before 1.12.5
Upgrade to version 1.12.5p1 or above.
2024-02-09
source |