{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24823", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:59:05.365Z", "datePublished": "2026-01-27T08:59:58.271Z", "dateUpdated": "2026-01-27T16:59:03.943Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/FASTSHIFT/X-TRACK", "defaultStatus": "affected", "modules": ["Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src"], "product": "X-TRACK", "programFiles": ["inflate.c"], "vendor": "FASTSHIFT", "versions": [{"lessThanOrEqual": "v2.7", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules).<p> This vulnerability is associated with program files <tt>inflate.C</tt>.</p><p>This issue affects X-TRACK: through v2.7.</p>"}], "value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C.\n\nThis issue affects X-TRACK: through v2.7."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:59:58.271Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/FASTSHIFT/X-TRACK/pull/120"}], "source": {"discovery": "UNKNOWN"}, "title": "A heap-based buffer over-read or buffer overflow vulnerability in FASTSHIFT/X-TRACK", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T16:58:52.097755Z", "id": "CVE-2026-24823", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:59:03.943Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24823", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T16:58:52.097755Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:58:59.859Z"}}], "cna": {"title": "A heap-based buffer over-read or buffer overflow vulnerability in FASTSHIFT/X-TRACK", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 10, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "FASTSHIFT", "modules": ["Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src"], "product": "X-TRACK", "versions": [{"status": "affected", "version": "0", "versionType": "git", "lessThanOrEqual": "v2.7"}], "programFiles": ["inflate.c"], "collectionURL": "https://github.com/FASTSHIFT/X-TRACK", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/FASTSHIFT/X-TRACK/pull/120", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C.\n\nThis issue affects X-TRACK: through v2.7.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules).<p> This vulnerability is associated with program files <tt>inflate.C</tt>.</p><p>This issue affects X-TRACK: through v2.7.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:59:58.271Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24823", "state": "PUBLISHED", "dateUpdated": "2026-01-27T16:59:03.943Z", "dateReserved": "2026-01-27T08:59:05.365Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:59:58.271Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C.\n\nThis issue affects X-TRACK: through v2.7."}, {"lang": "es", "value": "Vulnerabilidad de escritura fuera de l\u00edmites, copia de b\u00fafer sin verificar el tama\u00f1o de la entrada ('desbordamiento de b\u00fafer cl\u00e1sico') en FASTSHIFT X-TRACK (m\u00f3dulos Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa inflate.C.\n\nEste problema afecta a X-TRACK: hasta la v2.7."}], "id": "CVE-2026-24823", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:53.067", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/FASTSHIFT/X-TRACK/pull/120"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-787"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:19:01.240244+00:00", "value": {"mitigation_remediation": ["Upgrade to a version newer than 2.7 once the vendor releases a patch", "Restrict or disable processing of PNG or inflate data from untrusted sources, or otherwise limit the use of the vulnerable decoder", "Verify that runtime address space layout randomization (ASLR) and data execution prevention (DEP) are enabled to mitigate the impact of any potential memory corruption"], "summary": {"action": "Immediate Patch", "impact": "Arbitrary code execution"}, "threat_synthesis": {"affected_systems": "The flaw affects all versions of the FASTSHIFT X\u2011TRACK product up to and including version 2.7. The vulnerable code resides in the lv_img_png and PNGdec src directories of the X\u2011TRACK application", "description_and_impact": "This vulnerability is an out-of-bounds write caused by a buffer copy that does not check the size of the input, a classic buffer overflow flaw. It occurs in the PNG decoder modules of X\u2011TRACK, specifically in the inflate.C component. The flaw allows an attacker to corrupt heap memory, potentially leading to arbitrary code execution or a denial\u2011of\u2011service crash. It is catalogued as CWE\u2011120 and CWE\u2011787", "risk_and_exploitability": "The CVSS score for this issue is 10, indicating critical severity. The EPSS score is reported as less than 1\u202f%, indicating a low probability of exploitation in the wild. The flaw is not currently listed in CISA\u2019s KEV catalog. Although the exact attack vector is not detailed in the advisory, the buffer overflow likely requires the delivery of a crafted PNG or inflate input, meaning that exposure could be remote if the application accepts untrusted files over a network or local path. Given the high severity and the potential for remote code execution, the risk is considered high if the vulnerable version is deployed."}}}}, "created": "2026-01-27T20:17:11.686756+00:00", "updated": "2026-04-18T02:30:15.859472+00:00", "vendors": ["fastshift", "fastshift$PRODUCT$x-track"]}