Buffer Overflow Vulnerability in Resource Hacker

Posted date 31/01/2024
4 - High
Affected Resources
  • Resource Hacker, version

INCIBE has coordinated the publication of 1 high severity vulnerability affecting Resource Hacker version, a resource editor for 32-bit and 64-bit Windows applications developed by Angus Johnson, which has been discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

  • CVE-2024-1112: 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | CWE-119.

Vulnerability fixed in version 5.2.1.


CVE-2024-1112: heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.

References list