Home

Description

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application.

PUBLISHED Reserved 2025-12-19 | Published 2025-12-22 | Updated 2025-12-22 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Use of Externally-Controlled Format String

Product status

1.1.2
affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php exploit

www.exploit-db.com/exploits/51259 (ExploitDB-51259) exploit

web.archive.org/web/20221207074555/https://www.sound4.com/ (SOUND4 Official Product Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php (Zero Science Lab Disclosure (ZSL-2022-5744)) third-party-advisory

www.vulncheck.com/...ter-format-string-stack-buffer-overflow (VulnCheck Advisory: SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow) third-party-advisory

cve.org (CVE-2023-53966)

nvd.nist.gov (CVE-2023-53966)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.