CVE-2024-1112: Buffer Overflow Vulnerability in Resource Hacker

7.3 CVSS

Description

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.

Classification

CVE ID: CVE-2024-1112

CVSS Base Severity: HIGH

CVSS Base Score: 7.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem Types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected Products

Vendor: Angus Johnson

Product: Resource Hacker

Exploit Prediction Scoring System (EPSS)

EPSS Score: 32.55% (probability of being exploited)

EPSS Percentile: 96.61% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-07 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-1112
https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-resource-hacker

Timeline