Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jp…

A buffer overflow vulnerability was discovered in arendst Tasmota v.15.3.0.3 and earlier versions. The vulnerability exists in the xdrv_10_scripter.ino component, specifically in the fetch_jpg() function where improper use of strcpy() with the jpg_task.boundary[40] buffer can lead to memory corruption. This flaw allows remote attackers to execute arbitrary code on affected Tasmota devices. The vulnerability impacts IoT devices running vulnerable Tasmota firmware versions. Given Tasmota's widespread use in smart home and IoT applications, this represents a significant security risk for connected device ecosystems.