Cyber Posture

CVE-2024-53319

Severity: High
Published: 31 January 2025
Modified: 15 April 2026
KEV Added: (not listed)
Patch: (not listed)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0048 (65.0th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters.

Security Summary

CVE-2024-53319 is a heap buffer overflow vulnerability in the XML Text Escaping component of the Qualisys C++ SDK at commit a32a21a. This flaw, classified under CWE-120 (Buffer Copy without Checking Size of Input), enables attackers to trigger a denial of service (DoS) condition by providing input containing special XML characters whose escaped form exceeds the buffer boundaries during the escaping process. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity because it can be triggered remotely without authentication or user interaction.

Attackers can exploit this vulnerability remotely over the network with low complexity and no privileges. By supplying malformed input with special XML characters to any application or service using the affected Qualisys C++ SDK commit, an unauthenticated adversary can cause a heap buffer overflow, leading to application crashes or resource exhaustion that results in DoS. There is no impact on confidentiality or integrity, but the availability disruption can affect dependent systems processing XML data.

Further details on the vulnerability, including potential patches or workarounds, are documented in the GitHub issue at https://github.com/qualisys/qualisys_cpp_sdk/issues/49. Security practitioners using the Qualisys C++ SDK should review this advisory and update to a fixed commit if available to mitigate the risk.
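The summary above describes the classic CWE-120 pattern in an XML escaper: each special character expands when escaped (for example `&` becomes `&amp;`), so an output buffer sized for the un-escaped input is overrun. The C code below is an added illustration written for this page; it is not the Qualisys SDK's code and makes no claim about how the SDK's escaper is actually implemented. `xml_escape_unchecked` shows the overflow pattern in constructed form and is never called; `xml_escape_checked` measures the escaped length first, allocates exactly, and bounds-checks every write. All function names and the sample input are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escaped form of each XML special character; NULL means copy through. */
static const char *xml_escape_of(char c) {
    switch (c) {
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '&':  return "&amp;";
    case '"':  return "&quot;";
    case '\'': return "&apos;";
    default:   return NULL;
    }
}

/* Constructed illustration of the CWE-120 pattern (not the SDK's code).
 * The buffer is sized for a 1:1 copy, but escaping writes up to six bytes
 * per input byte, so the writes run past the end of the heap allocation.
 * Kept only for contrast with the checked version; nothing calls it. */
char *xml_escape_unchecked(const char *in) {
    char *out = malloc(strlen(in) + 1);      /* too small whenever escaping expands */
    char *p = out;
    for (; *in; in++) {
        const char *rep = xml_escape_of(*in);
        if (rep) { strcpy(p, rep); p += strlen(rep); }  /* overflows on '&', '<', ... */
        else *p++ = *in;
    }
    *p = '\0';
    return out;
}

/* Bytes the escaped form of `in` needs, excluding the terminating NUL.
 * Returns SIZE_MAX if the total would overflow size_t. */
size_t xml_escaped_len(const char *in) {
    size_t total = 0;
    for (; *in; in++) {
        const char *rep = xml_escape_of(*in);
        size_t add = rep ? strlen(rep) : 1;
        if (total >= SIZE_MAX - add) return SIZE_MAX;
        total += add;
    }
    return total;
}

/* Hardened escaper: measure, allocate exactly, then write with a bound
 * check on every byte. Returns NULL on length overflow or allocation
 * failure. The caller frees the result. */
char *xml_escape_checked(const char *in) {
    size_t need = xml_escaped_len(in);
    if (need == SIZE_MAX) return NULL;
    char *out = malloc(need + 1);
    if (!out) return NULL;
    size_t pos = 0;
    for (; *in; in++) {
        const char *rep = xml_escape_of(*in);
        size_t add = rep ? strlen(rep) : 1;
        if (add > need - pos) { free(out); return NULL; }  /* never write past `need` */
        if (rep) memcpy(out + pos, rep, add);
        else out[pos] = *in;
        pos += add;
    }
    out[pos] = '\0';
    return out;
}

int main(void) {
    /* Constructed sample input: five special characters plus plain text. */
    const char *sample = "<tag attr=\"x\">a & b</tag>";
    char *escaped = xml_escape_checked(sample);
    if (!escaped) return 1;
    printf("in : %s (%zu bytes)\nout: %s (%zu bytes)\n",
           sample, strlen(sample), escaped, strlen(escaped));
    free(escaped);
    return 0;
}
```

The measure-then-write structure is the general fix for any escaper or encoder whose output can be longer than its input; the per-byte bound check in the write loop is redundant with a correct length computation but turns any future mismatch between the two passes into a clean failure instead of a heap overflow.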

Details

CWE(s)
CWE-120

References