xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "prior to 1.01"
},
{
"last_affected": "prior to 1.01"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43700.json",
"cna_assigner": "jpcert"
}"2026-07-09T14:42:26Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43700.json"
[
{
"id": "CVE-2024-43700-2e72685c",
"digest": {
"line_hashes": [
"162208129761456087524316223396678905754",
"159632197924142864019167686376406569624",
"318025434699631416911620586755070279694",
"126799990499487057996123179231831164331"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"file": "src/functions.h"
}
},
{
"id": "CVE-2024-43700-35846fa8",
"digest": {
"line_hashes": [
"21434419297881791642002315680425982415",
"128826446787592488082749930824976117686",
"41941888102980164013145518691410099147",
"264064133409258698939688317339792352748",
"202303226800068277301184530218518272618"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"file": "src/structs.h"
}
},
{
"id": "CVE-2024-43700-5bb9fbad",
"digest": {
"line_hashes": [
"169518047971976064903040225648051802761",
"326458526984800447485249535736673734144",
"62617655719383668456767895194421874840",
"104461997907002080200831565804515321622",
"265473139960413994905731715655051264045",
"43652774553416036265430804752882299245",
"254610363329753350229151517429285792510",
"286383597444350294478450934853190806254",
"2977242283366821105255930583012033625",
"99705893616635423430322399317406256058",
"54937311459197682289857713388750565185",
"76638281989000748599242577544601682617",
"313298757138095476643559674226818127871",
"56749436907652569652272259343201290939",
"127537815898990795852488847148694170316",
"76638281989000748599242577544601682617",
"315322092150970625009221788955238441034",
"117574632980192895448050369682641036823",
"219963070760018904852591903416241566165",
"268199865336545008391597910578555234754",
"315322092150970625009221788955238441034",
"291619558287044427941747382688098120523",
"291754105361153570857232122460690749056",
"197091845001819024446475779020762865662",
"110404736160028015982837763367737318088",
"102293777260901411627810534226094798585",
"108071861783498372806429658767782869522",
"24241973594692178456891398102732874385",
"159311776505478003237906374225506609823"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"file": "src/read.c"
}
},
{
"id": "CVE-2024-43700-5d3dc1d7",
"digest": {
"line_hashes": [
"123491770589187593824505934851377548048",
"115024153341880982320886060822118493020",
"218299850558716144646939699993134259878",
"20255967933348289887372390753215800123",
"64136447891293194263480750246437933261",
"88939189904899654381480149006167799688",
"308832507109753340755693969902977930801",
"1025955073812649402015989651388301574",
"200713922592290430430681280751406257568"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"file": "src/error.c"
}
},
{
"id": "CVE-2024-43700-70bd122d",
"digest": {
"line_hashes": [
"223662190111376313453085033128025626984",
"94130963145582640724425046632519822075",
"310463416688891087516410246901153856304",
"133997212278659051357896476343088795060",
"224032014837940075329065934111303811339",
"104882631602273201218023012949192792974",
"291786391892689275756575950797585313693",
"279813743340045815765807572437036118900",
"183613707065489365579650042642932324948"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"file": "src/para.c"
}
},
{
"id": "CVE-2024-43700-823a3ecd",
"digest": {
"line_hashes": [
"274669440386114111349425726049674691317",
"192292427265581306604051819685393046256",
"79498623734888658231098449513434703015",
"333926716935944950913933533890873860827",
"130285452012541651992863122932796820314",
"201123072537013513922873676646021678266",
"199206410338989847809263341234478867358",
"178251258058104237417244275646319097665",
"115960530121752235255233006741861375913",
"113017696167728981853555308466843970559",
"99204618258508902690753137335131408920",
"297366635336435412363981305469541275649",
"130810251543232887815034135465034917826",
"192292427265581306604051819685393046256",
"79498623734888658231098449513434703015",
"333926716935944950913933533890873860827",
"331276327378771354232242584022513712465"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"file": "src/dot.c"
}
},
{
"id": "CVE-2024-43700-8d1d585b",
"digest": {
"function_hash": "295433651977386149243387032455179952383",
"length": 1738.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"function": "read_nextline",
"file": "src/read.c"
}
},
{
"id": "CVE-2024-43700-8ed26ed8",
"digest": {
"function_hash": "78222908074958867681673228010029555424",
"length": 1953.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"function": "read_process_macroline",
"file": "src/read.c"
}
},
{
"id": "CVE-2024-43700-b337fac2",
"digest": {
"function_hash": "297110424406151641306741063023897204395",
"length": 1735.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"function": "para_macro_process",
"file": "src/para.c"
}
},
{
"id": "CVE-2024-43700-bcb028f1",
"digest": {
"function_hash": "303653909014490943992936246618234455569",
"length": 2034.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"function": "dot_process",
"file": "src/dot.c"
}
},
{
"id": "CVE-2024-43700-ebcebc80",
"digest": {
"line_hashes": [
"333504122228883232539202982694610962854",
"57866572020157409198575553934516691199",
"178052699603482385114163539941849990074"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"file": "src/globals.c"
}
},
{
"id": "CVE-2024-43700-f32deaea",
"digest": {
"function_hash": "200549772229141622883214826145398859906",
"length": 1285.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
"deprecated": false,
"target": {
"function": "do_macro",
"file": "src/dot.c"
}
}
]