Friday, April 19, 2024

Notepad++ v8.5.7 Released: Fix for 4 Security Vulnerabilities

Notepad++ v8.5.7 has been released, which has several bug fixes and new features. There has also been Integrity and authenticity validation, added Security enhancement and fixed a memory leak while reading Utf8-16 files.

Multiple vulnerabilities in Notepad++ relating to Heap buffer read overflow, Heap buffer write overflow & Global buffer read overflow were previously reported. However, the new version of Notepad++ claims to have patched these vulnerabilities.

Gitlab security researcher Jaroslav Lobačevski (@JarLob) discovered these vulnerabilities during the end of August 2023. However, as part of the GitLab coordinated disclosure policy, these vulnerabilities were publicly disclosed before Notepad++ patched them.

Notepad++ v8.5.7

This current new version of Notepad++ implemented the integrity and authenticity validation by introducing the GPG Notepad++ Public key which can be used for the verification of GPG Signature. In addition to that, SHA-256 digests of binary packages have also been added which can be used for checking the integrity of your Notepad++ download.

As part of Bug fixes and new features, Notepad++ has fixed the vulnerabilities reported previously which had the CVE IDs CVE-2023-40031, CVE-2023-40036, CVE-2023-40164 & CVE-2023-40166

Other fixes include Document disassociated issue, Dragging tab performance issue, Session file saving problem, product version value displayed in file’s properties and activating wrong file(s) were also rectified as part of this new release.

Furthermore, Notepad++ has added an option to suppress file with more than 2GB. This option enables Notepad++ to wait for user confirmation before opening a large file.

“Notepad++ will completely hang and await user confirmation when trying to open a file bigger than 2GB.” reads the issue on GitHub. Notepad++ has also released their current version of source code which can be found in this link

It is recommended for users of Notepad++ to upgrade to version 8.5.7 in order to fix the vulnerabilities and improve the application’s performance.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


Latest articles

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles