PT-2021-5954 · Pdftron · Pdftron
Published: 2021-12-06 · Updated: 2023-08-08 · CVE-2021-40161
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PDFTron versions prior to 9.0.7
Description
A memory corruption issue may lead to code execution through maliciously crafted DLL files. The vulnerability stems from errors in the mechanism that checks the path to dynamically loaded libraries (DLLs). Exploitation may allow a remote attacker to execute arbitrary code when a specially crafted malicious PDF file is opened.
Recommendations
Update versions prior to 9.0.7 to version 9.0.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of dynamically loaded libraries (DLLs) to minimize the risk of exploitation.
Fix
Uncontrolled Search Path Element
Out of bounds Read
Memory Corruption
Related Identifiers
Affected Products
Pdftron