PT-2019-17416 · Rainbow · Rainbow Pdf Office Server Document Converter

Published

2019-10-31

Updated

2022-06-07

CVE-2019-5030

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rainbow PDF Office Server Document Converter version 7.0 Pro MR1 (7,0,2019,0220)

Description A buffer overflow issue exists in the PowerPoint document conversion function. The TxMasterStyleAtom::parse function incorrectly checks the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution.

Recommendations For Rainbow PDF Office Server Document Converter version 7.0 Pro MR1 (7,0,2019,0220), consider disabling the TxMasterStyleAtom::parse function until a patch is available to prevent potential code execution.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

CVE-2019-5030

Affected Products

Rainbow Pdf Office Server Document Converter

PT-2019-17416 · Rainbow · Rainbow Pdf Office Server Document Converter

CVE-2019-5030

Weakness Enumeration

Related Identifiers

Affected Products

References · 3