Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code

Several Buffer Overflow vulnerabilities have been discovered in Notepad++ that can be exploited by threat actors for malicious purposes. The severities of these vulnerabilities vary from 5.5 (Medium ) to 7.8 (High).

The vulnerabilities are based on heap buffer write overflow and heap buffer read overflow on some functions and libraries used by Notepad++ software, identified by Gitlab security researcher Jaroslav Lobačevski (@JarLob).

Notepad++ is an open-source C++-based source code editor that works in Microsoft x86, x64, and AArch64-based architectures. Notepad++ supports tabbed editing and allows working with multiple files in a single window. Don Ho developed it.

Notepad++ has not patched these vulnerabilities. However, according to their coordinated disclosure policy, GitLab published these vulnerabilities along with the proof-of-concept.

CVE(s):

CVE-2023-40031: Heap buffer write overflow in Utf8_16_Read::convert

Notepad++ uses a function called Utf8_16_Read::convert, which converts UTF16 to UTF8 encoding. This function has a flaw since it assumes that for every two UTF16 encoded bytes, three UTF8 encoded bytes are needed. If the chunk of bytes is set to an odd value like 9, the calculation becomes incompatible, resulting in a buffer overflow.

CVE-2023-40036: Global buffer read overflow in CharDistributionAnalysis::HandleOneChar

This vulnerability exists because the array index order is dependent on the size of the mCharToFreqOrder buffer that a threat actor can exploit by specially crafting a file leading to a Global buffer read overflow. In addition, the application also uses a uchardet library that supports this operation.

CVE-2023-40164: Global buffer read overflow in nsCodingStateMachine::NextState

A diverged copy of uchardet library is being used by Notepad++, which was found to be vulnerable to Global buffer read overflow. This was because the array index byteCls is dependent on the size of the charLenTable buffer, which a specially crafted file can exploit.

CVE-2023-40166: Heap buffer read overflow in FileManager::detectLanguageFromTextBegining

When opening a file, Notepad++ calls the function FileManager::loadFile, which allocates a fixed-size buffer, followed by FileManager::loadFileData, loading the first block of data to the buffer.

After this, it calls the detectLanguageFromTextBegining to identify the file's starting point's content type. The flaw exists since the loop FileManager::detectLanguageFromTextBegining does not check if the i+longestlength < dataLen, resulting in a buffer overflow.

Patches are yet to be confirmed by Notepad++ for fixing these vulnerabilities. GitLab has published a complete report about this vulnerability, which mentions the proof-of-concept, example code, and other information.

相关推荐
2601_962054952 天前
2026最新5款AI编程工具平替实测合集
人工智能·notepad++·ai编程
AI行业学习4 天前
Notepad++ 官方纯净下载+完整安装教程(Windows)【2026.7.5】
开发语言·windows·python·前端框架·html·notepad++
AI行业学习4 天前
2026 版 Notepad++ 完整图文安装指南|官方渠道无捆绑,一键切换中文界面
开发语言·人工智能·python·html·notepad++
AI行业学习4 天前
Notepad++ 官方下载 + 完整安装 + 全套优化配置(2026最新)
开发语言·人工智能·python·前端框架·html·notepad++
AI行业学习5 天前
Notepad++快速下载-Notepad++下载方式【2026-7-4】
开发语言·python·前端框架·html·notepad++·html5
博客zhu虎康8 天前
小程序:微信小程序连接打印机蓝牙打印全攻略
微信小程序·小程序·notepad++
爱分享的小美25 天前
Notepad++ 下载、安装(保姆图文教程+安装包)
notepad++
daly52025 天前
Notepad++怎么下载?2026最新版Notepad++安装教程(Windows免费文本编辑器)
windows·notepad++·notepad
克里斯蒂亚诺更新1 个月前
微信小程序使用vant4 weapp自定义菜单 但是弹出层却被菜单遮挡的解决办法
微信小程序·小程序·notepad++
ldmd2841 个月前
Typescript 入门篇-3
javascript·typescript·notepad++