Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jp…

A buffer overflow vulnerability has been discovered in arendst Tasmota firmware version 15.3.0.3 and earlier versions. The vulnerability exists in the xdrv_10_scripter.ino file within the fetch_jpg() function, specifically affecting the jpg_task.boundary[40] buffer through unsafe use of the strcpy() function. This security flaw allows remote attackers to execute arbitrary code on affected devices. The vulnerability represents a significant security risk for IoT devices running vulnerable versions of Tasmota firmware. Users should update to patched versions to mitigate the risk of remote code execution attacks.