PT-2020-19580 · Documalis · Documalis Free Pdf Editor+1

Metacom27 · Published 2020-08-12 · Updated 2020-08-19 · CVE-2020-7374

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Documalis Free PDF Editor version 5.7.2.26
Documalis Free PDF Scanner version 5.7.2.122

Description

The issue arises from the improper validation of JPEG images within PDFs, which can be exploited to trigger a buffer overflow on the stack. This can lead to remote code execution with the privileges of the user running the software.

Recommendations

For Documalis Free PDF Editor version 5.7.2.26, update to a version that properly validates the contents of JPEG images to prevent buffer overflow attacks. For Documalis Free PDF Scanner version 5.7.2.122, update to a version that correctly handles JPEG images within PDFs to mitigate the risk of remote code execution.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2020-7374

Affected Products

Documalis Free Pdf Editor
Documalis Free Pdf Scanner