CVE-2024-43700

Source
https://cve.org/CVERecord?id=CVE-2024-43700
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43700.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-43700
Downstream
Published
2024-08-29T07:36:13.470Z
Modified
2026-07-09T14:42:26.714515Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "prior to 1.01"
                },
                {
                    "last_affected": "prior to 1.01"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43700.json",
    "cna_assigner": "jpcert"
}
References

Affected packages

Git / github.com/philiphazel/xfpt

Affected ranges

Type
GIT
Repo
https://github.com/philiphazel/xfpt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

xfpt-1.*
xfpt-1.00

Database specific

vanir_signatures_modified
"2026-07-09T14:42:26Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43700.json"
vanir_signatures
[
    {
        "id": "CVE-2024-43700-2e72685c",
        "digest": {
            "line_hashes": [
                "162208129761456087524316223396678905754",
                "159632197924142864019167686376406569624",
                "318025434699631416911620586755070279694",
                "126799990499487057996123179231831164331"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "file": "src/functions.h"
        }
    },
    {
        "id": "CVE-2024-43700-35846fa8",
        "digest": {
            "line_hashes": [
                "21434419297881791642002315680425982415",
                "128826446787592488082749930824976117686",
                "41941888102980164013145518691410099147",
                "264064133409258698939688317339792352748",
                "202303226800068277301184530218518272618"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "file": "src/structs.h"
        }
    },
    {
        "id": "CVE-2024-43700-5bb9fbad",
        "digest": {
            "line_hashes": [
                "169518047971976064903040225648051802761",
                "326458526984800447485249535736673734144",
                "62617655719383668456767895194421874840",
                "104461997907002080200831565804515321622",
                "265473139960413994905731715655051264045",
                "43652774553416036265430804752882299245",
                "254610363329753350229151517429285792510",
                "286383597444350294478450934853190806254",
                "2977242283366821105255930583012033625",
                "99705893616635423430322399317406256058",
                "54937311459197682289857713388750565185",
                "76638281989000748599242577544601682617",
                "313298757138095476643559674226818127871",
                "56749436907652569652272259343201290939",
                "127537815898990795852488847148694170316",
                "76638281989000748599242577544601682617",
                "315322092150970625009221788955238441034",
                "117574632980192895448050369682641036823",
                "219963070760018904852591903416241566165",
                "268199865336545008391597910578555234754",
                "315322092150970625009221788955238441034",
                "291619558287044427941747382688098120523",
                "291754105361153570857232122460690749056",
                "197091845001819024446475779020762865662",
                "110404736160028015982837763367737318088",
                "102293777260901411627810534226094798585",
                "108071861783498372806429658767782869522",
                "24241973594692178456891398102732874385",
                "159311776505478003237906374225506609823"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "file": "src/read.c"
        }
    },
    {
        "id": "CVE-2024-43700-5d3dc1d7",
        "digest": {
            "line_hashes": [
                "123491770589187593824505934851377548048",
                "115024153341880982320886060822118493020",
                "218299850558716144646939699993134259878",
                "20255967933348289887372390753215800123",
                "64136447891293194263480750246437933261",
                "88939189904899654381480149006167799688",
                "308832507109753340755693969902977930801",
                "1025955073812649402015989651388301574",
                "200713922592290430430681280751406257568"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "file": "src/error.c"
        }
    },
    {
        "id": "CVE-2024-43700-70bd122d",
        "digest": {
            "line_hashes": [
                "223662190111376313453085033128025626984",
                "94130963145582640724425046632519822075",
                "310463416688891087516410246901153856304",
                "133997212278659051357896476343088795060",
                "224032014837940075329065934111303811339",
                "104882631602273201218023012949192792974",
                "291786391892689275756575950797585313693",
                "279813743340045815765807572437036118900",
                "183613707065489365579650042642932324948"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "file": "src/para.c"
        }
    },
    {
        "id": "CVE-2024-43700-823a3ecd",
        "digest": {
            "line_hashes": [
                "274669440386114111349425726049674691317",
                "192292427265581306604051819685393046256",
                "79498623734888658231098449513434703015",
                "333926716935944950913933533890873860827",
                "130285452012541651992863122932796820314",
                "201123072537013513922873676646021678266",
                "199206410338989847809263341234478867358",
                "178251258058104237417244275646319097665",
                "115960530121752235255233006741861375913",
                "113017696167728981853555308466843970559",
                "99204618258508902690753137335131408920",
                "297366635336435412363981305469541275649",
                "130810251543232887815034135465034917826",
                "192292427265581306604051819685393046256",
                "79498623734888658231098449513434703015",
                "333926716935944950913933533890873860827",
                "331276327378771354232242584022513712465"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "file": "src/dot.c"
        }
    },
    {
        "id": "CVE-2024-43700-8d1d585b",
        "digest": {
            "function_hash": "295433651977386149243387032455179952383",
            "length": 1738.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "function": "read_nextline",
            "file": "src/read.c"
        }
    },
    {
        "id": "CVE-2024-43700-8ed26ed8",
        "digest": {
            "function_hash": "78222908074958867681673228010029555424",
            "length": 1953.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "function": "read_process_macroline",
            "file": "src/read.c"
        }
    },
    {
        "id": "CVE-2024-43700-b337fac2",
        "digest": {
            "function_hash": "297110424406151641306741063023897204395",
            "length": 1735.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "function": "para_macro_process",
            "file": "src/para.c"
        }
    },
    {
        "id": "CVE-2024-43700-bcb028f1",
        "digest": {
            "function_hash": "303653909014490943992936246618234455569",
            "length": 2034.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "function": "dot_process",
            "file": "src/dot.c"
        }
    },
    {
        "id": "CVE-2024-43700-ebcebc80",
        "digest": {
            "line_hashes": [
                "333504122228883232539202982694610962854",
                "57866572020157409198575553934516691199",
                "178052699603482385114163539941849990074"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "file": "src/globals.c"
        }
    },
    {
        "id": "CVE-2024-43700-f32deaea",
        "digest": {
            "function_hash": "200549772229141622883214826145398859906",
            "length": 1285.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/philiphazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4",
        "deprecated": false,
        "target": {
            "function": "do_macro",
            "file": "src/dot.c"
        }
    }
]