MidnightBSD

Advisories for lattice_semiconductor

CVE-2012-2614 MEDIUM

Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lattice_semiconductor lattice_diamond_programmer 1.4.2
CVE-2012-2915 HIGH

Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lattice_semiconductor pac-designer 6.2.1344