PT-2019-17407 · Rainbow · Rainbow Pdf Office Server Document Converter

Published: 2019-03-07 · Updated: 2022-06-13 · CVE-2019-5019

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Rainbow PDF Office Server Document Converter version 7.0 Pro R1 (7,0,2018,1113)

Description: A heap-based overflow issue exists in the PowerPoint document conversion function. The getSummaryInformation function incorrectly checks the correlation between size and the number of properties in PropertySet packets while parsing the Document Summary Property Set stream, leading to an out-of-bounds write, heap corruption, and potential code execution.

Recommendations: For Rainbow PDF Office Server Document Converter version 7.0 Pro R1 (7,0,2018,1113), consider disabling the PowerPoint document conversion function until a patch is available. Restrict access to the getSummaryInformation function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
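
The size-versus-count relationship named in the description can be checked before anything is read from a PropertySet packet. The following is an added example, not the vendor's code: it assumes the [MS-OLEPS] packet layout (a 4-byte Size, a 4-byte NumProperties, then 8-byte identifier/offset pairs), and the names `propset_validate` and `validate_patched` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PS_OK = 0, PS_TRUNCATED = -1, PS_BAD_SIZE = -2, PS_BAD_COUNT = -3, PS_BAD_OFFSET = -4 };

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate one PropertySet packet in buf[0..avail) before anything is copied from it. */
int propset_validate(const uint8_t *buf, size_t avail) {
    if (avail < 8) return PS_TRUNCATED;
    uint32_t size = rd32(buf), count = rd32(buf + 4);
    if (size < 8 || size > avail) return PS_BAD_SIZE;
    /* Divide instead of multiplying so that count * 8 cannot wrap around. */
    if (count > (size - 8) / 8) return PS_BAD_COUNT;
    uint32_t table_end = 8 + count * 8;
    for (uint32_t i = 0; i < count; i++) {
        uint32_t off = rd32(buf + 8 + (size_t)i * 8 + 4);
        /* A property must start after the table and hold at least its 4-byte type. */
        if (off < table_end || off > size - 4) return PS_BAD_OFFSET;
    }
    return PS_OK;
}

/* Constructed sample, not taken from a real document: one VT_I4 property. */
static const uint8_t ps_good[24] = {
    0x18, 0, 0, 0,   /* Size = 24 */
    0x01, 0, 0, 0,   /* NumProperties = 1 */
    0x02, 0, 0, 0,   /* PropertyIdentifier */
    0x10, 0, 0, 0,   /* Offset = 16 */
    0x03, 0, 0, 0, 0x2a, 0, 0, 0   /* Type VT_I4 (3), value 42 */
};

/* Re-validate the sample with one header field (byte offset 0, 4 or 12) overwritten. */
int validate_patched(size_t field_off, uint32_t v) {
    uint8_t pkt[sizeof ps_good];
    memcpy(pkt, ps_good, sizeof pkt);
    for (int i = 0; i < 4; i++) pkt[field_off + i] = (uint8_t)(v >> (8 * i));
    return propset_validate(pkt, sizeof pkt);
}

int main(void) {
    printf("good=%d inflated=%d wrapping=%d\n", propset_validate(ps_good, sizeof ps_good),
           validate_patched(4, 0x1000), validate_patched(4, 0x20000001u));
    return 0;
}
```

The count `0x20000001` is the case a multiply-based check misses: in 32-bit arithmetic `count * 8` wraps to 8, so only the division form rejects it.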

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2019-5019

Affected products

Rainbow Pdf Office Server Document Converter