PT-2018-17985 · Activepdf · Activepdf Toolkit
François Goichon
·
Published
2018-02-28
·
Updated
2018-03-23
·
CVE-2018-7264
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ActivePDF toolkit versions through 2018.1.0.18321
Description
The issue is related to the Pictview image processing library embedded in the ActivePDF toolkit, which is prone to multiple out of bounds write and sign errors. This allows a remote attacker to execute arbitrary code on vulnerable applications that use the ActivePDF Toolkit to process untrusted images.
Recommendations
For versions through 2018.1.0.18321, update to a version later than 2018.1.0.18321 to resolve the issue.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Activepdf Toolkit