PT-2019-17427 · Aspose · Aspose.Words

Published: 2019-08-21 · Updated: 2022-06-27 · CVE-2019-5041

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Aspose.Words library version 18.11.0.0

Description

A stack-based buffer overflow exists in the EnumMetaInfo function. It allows remote code execution through a specially crafted doc file. An attacker can trigger it by providing a malformed file to the victim.

Recommendations

If you use Aspose.Words library version 18.11.0.0, update to a newer version that contains a fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting the handling of doc files from untrusted sources to reduce the risk of exploitation.

Fix

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-5041

Affected Products

Aspose.Words