CVE-2019-14665
Description
Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap-based buffer overflow in Brandy BASIC interpreter 1.20.1 allows memory corruption via crafted source code.
Vulnerability
Brandy 1.20.1 contains a heap-based buffer overflow in the define_array() function in src/variables.c (lines 407 and 414). The vulnerability is triggered when processing a crafted BASIC source code that causes a write beyond the allocated heap buffer. [1]
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted BASIC source file to the Brandy interpreter. No authentication or special privileges are required; the victim only needs to execute the malicious script. According to the bug report, the issue was discovered via fuzzing with American Fuzzy Lop. [1]
Impact
Successful exploitation results in a heap-buffer-overflow, which may lead to memory corruption. While the report does not demonstrate code execution, heap-based overflows can potentially allow an attacker to control program flow or achieve arbitrary code execution depending on the runtime environment. [1]
Mitigation
As of the publication date (2019-08-05), no fix or updated version has been released for Brandy 1.20.1. Users should avoid running untrusted BASIC scripts until a patch is available. No workaround is disclosed in the available references. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Brandy/Brandydescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- sourceforge.net/p/brandy/bugs/8/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.