Delta Electronics DOPSoft 2 Stack-Based Buffer Overflow
Description
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in Delta Electronic DOPSoft 2 versions up to 2.00.07 allows arbitrary code execution via crafted project files.
Vulnerability
Delta Electronic DOPSoft 2 versions up to 2.00.07 lack proper validation of user-supplied data when parsing specific project files. This leads to a stack-based buffer overflow during font string handling, as documented in CISA advisory [1].
Exploitation
An attacker would need to convince a user to open a specially crafted project file. No authentication is required, but user interaction (opening the file) is needed. The attack complexity is low [1].
Impact
Successful exploitation could allow arbitrary code execution in the context of the current process. The CVSS v3 base score is 7.8, with high impacts on confidentiality, integrity, and availability [1].
Mitigation
Delta Electronics has released updates; users should upgrade to the latest version. References in CISA advisory [1] provide details. Until patched, avoid opening untrusted project files.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=2.00.07+ 1 more
- (no CPE)range: <=2.00.07
- (no CPE)range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- us-cert.cisa.gov/ics/advisories/icsa-21-252-02mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.