PT-2019-17416 · Rainbow · Rainbow Pdf Office Server Document Converter

Publicado

2019-10-31

Atualizado

2022-06-07

CVE-2019-5030

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rainbow PDF Office Server Document Converter version 7.0 Pro MR1 (7,0,2019,0220)

Description A buffer overflow issue exists in the PowerPoint document conversion function. The TxMasterStyleAtom::parse function incorrectly checks the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution.

Recommendations For Rainbow PDF Office Server Document Converter version 7.0 Pro MR1 (7,0,2019,0220), consider disabling the TxMasterStyleAtom::parse function until a patch is available to prevent potential code execution.

Exploit

Correção

Memory Corruption

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-122

Identificadores relacionados

CVE-2019-5030

Produtos afetados

Rainbow Pdf Office Server Document Converter

PT-2019-17416 · Rainbow · Rainbow Pdf Office Server Document Converter

CVE-2019-5030

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3